[42734] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Using NBAR to block Nimda

daemon@ATHENA.MIT.EDU (Strata Rose Chalup)
Wed Sep 19 19:57:55 2001

Message-ID: <3BA932BF.2FB7EE26@virtual.net>
Date: Wed, 19 Sep 2001 17:05:19 -0700
From: Strata Rose Chalup <strata@virtual.net>
Reply-To: strata@virtual.net
MIME-Version: 1.0
To: "Matthew E. Martini" <martini@invision.net>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu



I've been collecting the blocking info from today and yesterday's
nanog onto a page:

http://kgate.virtual.net/cgi-bin/wiki.cgi?action=Browse&id=NIMDAWormBlocking

So far:
     snort 
     Squid 
     ipfw ruby script 
     procmail rulesets 
     F5 Big IP 
     Nortel/Alteon topology trap 
     Cisco NBAR 
     Cisco CSS11K, Cisco Content Engine 
     apache (updated w/mod_throttle info) 
     iptable deny 

SRC

Matt Martini wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Does anyone have a comprehensive filter to stop Nimda using Cisco's NBAR?
> 
> Matt
> 
> __________________________ http://www.invision.net/ _______________________
> 
>  Matthew E. Martini, PE        InVision.com, Inc.   (631) 543-1000 x104
>  Chief Technology Officer      matt@invision.net    (631) 864-8896 Fax
> _______________________________________________________________________pgp_
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.1i
> 
> iQEVAwUBO6ke4GtXn16/JS7ZAQEUoAgAjvwY/fnoJmtmMke03I8uOIxDNUzGqX+e
> sP5L9Fcekg4qKF7Jix4dW+Hk+jZuwp0cSHwRsiGswqIHgHZVjRjliMD4QTjDO4FU
> vYUSKM4nedZhTBjIDlMp3AT9BfLjI1pV1tzYbo2L8otMGdeO3Iv/Ymd+LGZx22Fl
> eNvIOE+LzfipupFcA12AXstJvTH9QZ4Vuzap7ckxzA5NrTXtWphhjiLX0gKqlTsc
> aXp/oL/UfzMps7LiF+my2OsKCBIjyA+mLon0qdS5vs8rGtuES3wADmX/sDF8wuhr
> 9LFpI2VmM5JcrjwwEZIfc5Iq6M4h0so3nfwJDyBh0x5cDlDNimWH6w==
> =+Ucd
> -----END PGP SIGNATURE-----

-- 
========================================================================
Strata Rose Chalup [KF6NBZ]                      strata "@" virtual.net
VirtualNet Consulting                            http://www.virtual.net/
 ** Project Management & Architecture for ISP/ASP Systems Integration **
=========================================================================


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[42734] in North American Network Operators' Group

Re: Using NBAR to block Nimda

daemon@ATHENA.MIT.EDU (Strata Rose Chalup)Wed Sep 19 19:57:55 2001

daemon@ATHENA.MIT.EDU (Strata Rose Chalup)
Wed Sep 19 19:57:55 2001