Using NBAR to block Nimda
Strata Rose Chalup
strata at virtual.net
Thu Sep 20 00:05:19 UTC 2001
I've been collecting the blocking info from today and yesterday's
nanog onto a page:
http://kgate.virtual.net/cgi-bin/wiki.cgi?action=Browse&id=NIMDAWormBlocking
So far:
snort
Squid
ipfw ruby script
procmail rulesets
F5 Big IP
Nortel/Alteon topology trap
Cisco NBAR
Cisco CSS11K, Cisco Content Engine
apache (updated w/mod_throttle info)
iptable deny
SRC
Matt Martini wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Does anyone have a comprehensive filter to stop Nimda using Cisco's NBAR?
>
> Matt
>
> __________________________ http://www.invision.net/ _______________________
>
> Matthew E. Martini, PE InVision.com, Inc. (631) 543-1000 x104
> Chief Technology Officer matt at invision.net (631) 864-8896 Fax
> _______________________________________________________________________pgp_
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.1i
>
> iQEVAwUBO6ke4GtXn16/JS7ZAQEUoAgAjvwY/fnoJmtmMke03I8uOIxDNUzGqX+e
> sP5L9Fcekg4qKF7Jix4dW+Hk+jZuwp0cSHwRsiGswqIHgHZVjRjliMD4QTjDO4FU
> vYUSKM4nedZhTBjIDlMp3AT9BfLjI1pV1tzYbo2L8otMGdeO3Iv/Ymd+LGZx22Fl
> eNvIOE+LzfipupFcA12AXstJvTH9QZ4Vuzap7ckxzA5NrTXtWphhjiLX0gKqlTsc
> aXp/oL/UfzMps7LiF+my2OsKCBIjyA+mLon0qdS5vs8rGtuES3wADmX/sDF8wuhr
> 9LFpI2VmM5JcrjwwEZIfc5Iq6M4h0so3nfwJDyBh0x5cDlDNimWH6w==
> =+Ucd
> -----END PGP SIGNATURE-----
--
========================================================================
Strata Rose Chalup [KF6NBZ] strata "@" virtual.net
VirtualNet Consulting http://www.virtual.net/
** Project Management & Architecture for ISP/ASP Systems Integration **
=========================================================================
More information about the NANOG
mailing list