Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
AW: [suse-security] Entriy in apache log
  • From: "Bitzer,Gerd" <gerd.bitzer@xxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 21 Dec 2001 13:04:38 +0100
  • Message-id: <B9D5AB46E5DCD411B7B600005A992E7C02CCECF0@xxxxxxxxxxxxxxxxxxxx>
Hi,

the nimda attackers in turn have kind of success in doing a kind of a DoS
attack against this boxes.

And how should this evergrowing blocking tables ever be cleared ... ?

-----Urspr√ľngliche Nachricht-----
Von: Markus Gaugusch [mailto:markus@xxxxxxxxxxx]
Gesendet am: Freitag, 21. Dezember 2001 12:04
An: Bob B
Cc: Rogier Maas; suse-security@xxxxxxxx
Betreff: Re: [suse-security] Entriy in apache log

> ok let me ask this first can i just have ipchains on the box without
> changing and routig etc that is set now as i wouldnt want to make an
> major overhaul!
This is no problem, but the whole thing (blocking nimda "attacks" to your
linux box) is really useless, as many have non-static ip-adresses and you
will soon have a huge blocking table, which results in poor performance.
If you have really too much entries in your logs (filling up the disks),
clean them with a script that removes all those entries or contact the
provider of the infected hosts.
Blocking of huge address ranges doesn't solve any problems.

Markus Gaugusch

--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \


--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >
This Thread
  • No further messages