Re: No! Not Code Red (again)
Hi Gord :-)
> www.incidents.org makes mention that it's passible to impliment a
> firewall rule that will slow down the CR/CR2 worm. Does anyone have a
> sample of this rule as an ipchains command. I'm sure we've not seen
> the last of this problem and I'd like to do what I can to help curb
> it's speed of propogation.
A german newsticker announced that Tom Liston had an idea to trap CR -
it's here: http://www.incidents.org/archives/intrusions/msg01215.html
On http://www.incidents.org/archives/intrusions/msg01239.html Mihnea
Stoenescu made public that an example implementation is done. You can
get it here: http://www.hackbusters.net/CodeRedneck.tgz
It works by starting the 3-way-handshake and then keeps quiet - this
does not eliminate CR, it just hinders the fast growth over network.
Hope this is what you wanted,
Linux zu nutzen adelt nicht - aber es bildet.