New Method for Blocking Code Red and Similar Exploits

From: Randall S. Benn (rbennat_private)
Date: Tue Aug 07 2001 - 15:31:01 PDT

Next message: Tony Langdon: "RE: Was RE: disinfection tool -- now a minor rant."

Previous message: dewt: "Re: Unsuspected "named" behaviour"
Next in thread: Nelson Neves: "Re: New Method for Blocking Code Red and Similar Exploits"
Reply: Nelson Neves: "Re: New Method for Blocking Code Red and Similar Exploits"
Reply: Antonio Vasconcelos: "Re: New Method for Blocking Code Red and Similar Exploits"
Reply: Mike Batchelor: "RE: New Method for Blocking Code Red and Similar Exploits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A new method for blocking Code Red and similar exploits that use HTTP GET requests has been published.  The method uses new capabilities within Cisco IOS software.  Read the on-line advisory at:

http://iponeverything.net/CodeRed.html

The beauty of this solution is that it can be used to block Code Red infections today and can be easily modified with new signatures in the future using the HTTP sub-port classification mechanism in IOS.

Randy


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Tony Langdon: "RE: Was RE: disinfection tool -- now a minor rant."
Previous message: dewt: "Re: Unsuspected "named" behaviour"
Next in thread: Nelson Neves: "Re: New Method for Blocking Code Red and Similar Exploits"
Reply: Nelson Neves: "Re: New Method for Blocking Code Red and Similar Exploits"
Reply: Antonio Vasconcelos: "Re: New Method for Blocking Code Red and Similar Exploits"
Reply: Mike Batchelor: "RE: New Method for Blocking Code Red and Similar Exploits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 15:46:11 PDT