Blocking nimda probes with a content-layer switch

[Joe Abley <jabley () automagic org>]

Has anybody tried to block nimda HTTP GET probes using URL
pattern matches in a "layer-4-7"[1] switch?

The ideal result is to prevent nimda GET probes from ever
reaching the destination address, but causing the session
to be reset towards the server after the open handshake but
before the GET can be sent to the server would be acceptably
useful.

Particularly whether it's possible on a cisco/Arrowpoint switch,
but it would be interesting to know about other vendors too.

Please reply directly, will summarise if there are answers to
share.

Thanks!


[1] substitute phrase-du-jour as appropriate