North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Using NBAR to block Nimda
I've been collecting the blocking info from today and yesterday's nanog onto a page: http://kgate.virtual.net/cgi-bin/wiki.cgi?action=Browse&id=NIMDAWormBlocking So far: snort Squid ipfw ruby script procmail rulesets F5 Big IP Nortel/Alteon topology trap Cisco NBAR Cisco CSS11K, Cisco Content Engine apache (updated w/mod_throttle info) iptable deny SRC Matt Martini wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Does anyone have a comprehensive filter to stop Nimda using Cisco's NBAR? > > Matt > > __________________________ http://www.invision.net/ _______________________ > > Matthew E. Martini, PE InVision.com, Inc. (631) 543-1000 x104 > Chief Technology Officer [email protected] (631) 864-8896 Fax > _______________________________________________________________________pgp_ > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.1i > > iQEVAwUBO6ke4GtXn16/JS7ZAQEUoAgAjvwY/fnoJmtmMke03I8uOIxDNUzGqX+e > sP5L9Fcekg4qKF7Jix4dW+Hk+jZuwp0cSHwRsiGswqIHgHZVjRjliMD4QTjDO4FU > vYUSKM4nedZhTBjIDlMp3AT9BfLjI1pV1tzYbo2L8otMGdeO3Iv/Ymd+LGZx22Fl > eNvIOE+LzfipupFcA12AXstJvTH9QZ4Vuzap7ckxzA5NrTXtWphhjiLX0gKqlTsc > aXp/oL/UfzMps7LiF+my2OsKCBIjyA+mLon0qdS5vs8rGtuES3wADmX/sDF8wuhr > 9LFpI2VmM5JcrjwwEZIfc5Iq6M4h0so3nfwJDyBh0x5cDlDNimWH6w== > =+Ucd > -----END PGP SIGNATURE----- -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** =========================================================================
|