Re: a real way to stop an http based worm

From: Jose Nazario (joseat_private)
Date: Fri Sep 07 2001 - 14:47:44 PDT

Next message: David Schwartz: "RE: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"

Previous message: Meritt James: "permission (was: Re: illegal cheer"
In reply to: Gert-Jan Hagenaars: "a real way to stop an http based worm"
Next in thread: abel: "Re: a real way to stop an http based worm"
Reply: abel: "Re: a real way to stop an http based worm"
Reply: The Crocodile: "Re: a real way to stop an http based worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 7 Sep 2001, Gert-Jan Hagenaars wrote:

> Can this be done on the web-proxy boxes that the ISPs have on their
> networks?  I.e. dunk anything that looks for "/default.ida?blah"?

yep. reverse proxies can be configured to do this. and cisco ACLs can
already reset/block such connections i believe.

in short a good idea, and one that can already be implemented.

____________________________
jose nazario						     joseat_private
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Next message: David Schwartz: "RE: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Previous message: Meritt James: "permission (was: Re: illegal cheer"
In reply to: Gert-Jan Hagenaars: "a real way to stop an http based worm"
Next in thread: abel: "Re: a real way to stop an http based worm"
Reply: abel: "Re: a real way to stop an http based worm"
Reply: The Crocodile: "Re: a real way to stop an http based worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 16:01:07 PDT