Hi,

On 07-Aug-01 Togan Muftuoglu wrote:
> Hi,
> Thanks to Boris I have the return-rst for the blockage of the IP block. Can this be used to lower the tcpspam caused by CodeRED since I am _not_ _running_ a publicly available http server and thought of applying this concept to the port 80 requests?

Of course you could. If you do not run a public web server you just have to block access from the entire outside world (read: connections which are flowing in on the "world device" of your firewall/webserver), thus eliminating any way for an attacker to flood your httpd log files with requests for default.ida's. return-rst would then lower the impact of such attacks on your bandwidth if used together with the block of port 80. However, make sure you insert some ipchains input-accept lines for your internal network before blocking the outside world if you want your internal clients to be able to use our internal web server.

> -- Togan Muftuoglu
---
Boris Lorenz
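
The rule ordering described in the reply above, as an added example that is not part of the original mail: internal accept first, then the port 80 block on the world device, with a check that refuses to load the rules in the wrong order. The interface names and the internal network are constructed assumptions, and the stock DENY target is used because the mail does not show the syntax of the return-rst target.

```shell
#!/bin/sh
# Constructed values (assumptions, not taken from the mail); override via env.
WORLD_IF="${WORLD_IF:-ppp0}"          # the "world device"
INT_IF="${INT_IF:-eth0}"              # interface facing the internal clients
INT_NET="${INT_NET:-192.168.1.0/24}"  # internal network
ANY="0.0.0.0/0"

# Print the rules in the order they must be appended to the input chain.
# ipchains stops at the first matching rule, so the internal accept goes
# first and keeps working even if the block is later written without -i.
port80_rules() {
    # 1. internal clients may reach the internal web server
    echo "ipchains -A input -i $INT_IF -p tcp -s $INT_NET -d $ANY 80 -j ACCEPT"
    # 2. everything arriving on the world device for port 80 is dropped
    echo "ipchains -A input -i $WORLD_IF -p tcp -d $ANY 80 -j DENY"
}

# Read rule lines on stdin; succeed only if a port 80 ACCEPT exists and
# appears before the first port 80 DENY.
check_order() {
    awk '/ 80 -j ACCEPT/ && !a {a=NR}
         / 80 -j DENY/ && !d {d=NR}
         END {exit !(a && d && a < d)}'
}

# Dry run by default: print the rules. APPLY=1 (as root) loads them,
# but only after the ordering check has passed.
if [ "${APPLY:-0}" = 1 ]; then
    port80_rules | check_order || { echo "rule order wrong" >&2; exit 1; }
    port80_rules | sh
else
    port80_rules
fi
```
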