North American Network Operators Group

Re: Worm probes

  • From: Jeff Gehlbach
  • Date: Tue Sep 18 14:44:37 2001

On Tue, Sep 18, 2001 at 09:51:43AM -0700, Joseph McDonald wrote:
> One idea:  Once a probe is sent, the prober's
> IP# is stored in a hash (perhaps in shared memory or a mmap'd file
> that all children can share) and new connections from that IP are no
> longer accepted.

Better yet, set a host route for them with next hop set to 127.0.0.1.
That assumes that you don't want infected hosts talking to your host at
all.

--
Jeff Gehlbach, Concord Communications <[email protected]>
Senior Professional Services Consultant, Atlanta
ph. 770.384.0184  fax 770.384.0183
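
The two ideas in this message, combined in an added example that is not part of the original thread: probing sources are collected once each in a hash, then turned into host routes. It assumes Apache-style access-log lines, a placeholder probe signature, a hypothetical allowlist, and Linux `ip route add blackhole` in place of a next hop of 127.0.0.1; the commands are only generated, never run.

```python
import ipaddress
import re

# Placeholder signature: the thread does not say what a probe request looks like.
PROBE_RE = re.compile(r'"GET /PROBE-SIGNATURE-PLACEHOLDER')
# Hypothetical allowlist: addresses that must never be routed away.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed access-log lines (documentation address ranges only).
SAMPLE_LOG = """\
203.0.113.5 - - [18/Sep/2001:14:01:02 -0400] "GET /PROBE-SIGNATURE-PLACEHOLDER HTTP/1.0" 404 210
198.51.100.7 - - [18/Sep/2001:14:01:03 -0400] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [18/Sep/2001:14:01:04 -0400] "GET /PROBE-SIGNATURE-PLACEHOLDER HTTP/1.0" 404 210
192.0.2.3 - - [18/Sep/2001:14:01:05 -0400] "GET /PROBE-SIGNATURE-PLACEHOLDER HTTP/1.0" 404 210
not-an-ip - - [18/Sep/2001:14:01:06 -0400] "GET /PROBE-SIGNATURE-PLACEHOLDER HTTP/1.0" 404 210
203.0.113.77 - - [18/Sep/2001:14:01:07 -0400] "GET /PROBE-SIGNATURE-PLACEHOLDER HTTP/1.0" 404 210
"""

def probers(log_text):
    """Return each probing IPv4 source once, in order of first appearance."""
    seen = {}  # dict used as the insertion-ordered hash of known probers
    for line in log_text.splitlines():
        if not PROBE_RE.search(line):
            continue  # ordinary request, not a probe
        field = line.split(" ", 1)[0]
        try:
            addr = ipaddress.IPv4Address(field)
        except ValueError:
            continue  # malformed source field: never let it reach a command line
        if any(addr in net for net in NEVER_BLOCK):
            continue  # allowlisted host, e.g. your own monitoring
        seen.setdefault(str(addr), True)
    return list(seen)

def route_commands(ips):
    """Render one host blackhole route per prober; nothing is executed here."""
    return [f"ip route add blackhole {ip}/32" for ip in ips]

if __name__ == "__main__":
    for cmd in route_commands(probers(SAMPLE_LOG)):
        print(cmd)
```

A host route only affects packets your host sends toward that address, so probes still arrive but the replies that would complete a TCP handshake are dropped.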