Mailinglist Archive: opensuse-security (465 mails)
| < Previous | Next > |
AW: [suse-security] Entriy in apache log
- From: "Bitzer,Gerd" <gerd.bitzer@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 21 Dec 2001 13:04:38 +0100
- Message-id: <B9D5AB46E5DCD411B7B600005A992E7C02CCECF0@xxxxxxxxxxxxxxxxxxxx>
Hi,
the nimda attackers in turn have kind of success in doing a kind of a DoS
attack against this boxes.
And how should this evergrowing blocking tables ever be cleared ... ?
-----Ursprüngliche Nachricht-----
Von: Markus Gaugusch [mailto:markus@xxxxxxxxxxx]
Gesendet am: Freitag, 21. Dezember 2001 12:04
An: Bob B
Cc: Rogier Maas; suse-security@xxxxxxxx
Betreff: Re: [suse-security] Entriy in apache log
> ok let me ask this first can i just have ipchains on the box without
> changing and routig etc that is set now as i wouldnt want to make an
> major overhaul!
This is no problem, but the whole thing (blocking nimda "attacks" to your
linux box) is really useless, as many have non-static ip-adresses and you
will soon have a huge blocking table, which results in poor performance.
If you have really too much entries in your logs (filling up the disks),
clean them with a script that removes all those entries or contact the
provider of the infected hosts.
Blocking of huge address ranges doesn't solve any problems.
Markus Gaugusch
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \
--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
the nimda attackers in turn have kind of success in doing a kind of a DoS
attack against this boxes.
And how should this evergrowing blocking tables ever be cleared ... ?
-----Ursprüngliche Nachricht-----
Von: Markus Gaugusch [mailto:markus@xxxxxxxxxxx]
Gesendet am: Freitag, 21. Dezember 2001 12:04
An: Bob B
Cc: Rogier Maas; suse-security@xxxxxxxx
Betreff: Re: [suse-security] Entriy in apache log
> ok let me ask this first can i just have ipchains on the box without
> changing and routig etc that is set now as i wouldnt want to make an
> major overhaul!
This is no problem, but the whole thing (blocking nimda "attacks" to your
linux box) is really useless, as many have non-static ip-adresses and you
will soon have a huge blocking table, which results in poor performance.
If you have really too much entries in your logs (filling up the disks),
clean them with a script that removes all those entries or contact the
provider of the infected hosts.
Blocking of huge address ranges doesn't solve any problems.
Markus Gaugusch
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \
--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
| < Previous | Next > |