Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Entriy in apache log
  • From: Markus Gaugusch <markus@xxxxxxxxxxx>
  • Date: Fri, 21 Dec 2001 12:03:49 +0100 (CET)
  • Message-id: <Pine.LNX.4.40.0112211201430.8816-100000@xxxxxxxxxxxxxxxxxx>
> ok let me ask this first can i just have ipchains on the box without
> changing and routig etc that is set now as i wouldnt want to make an
> major overhaul!
This is no problem, but the whole thing (blocking nimda "attacks" to your
linux box) is really useless, as many have non-static ip-adresses and you
will soon have a huge blocking table, which results in poor performance.
If you have really too much entries in your logs (filling up the disks),
clean them with a script that removes all those entries or contact the
provider of the infected hosts.
Blocking of huge address ranges doesn't solve any problems.

Markus Gaugusch

--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \


< Previous Next >
Follow Ups
References