Re: No! Not Code Red (again)

To: "Gord Mc.Pherson" <gordzilla@sympatico.ca>
Cc: debian-firewall <debian-firewall@lists.debian.org>
Subject: Re: No! Not Code Red (again)
From: Friedemann Schorer <Friedemann.Schorer@gmx.de>
Date: Tue, 07 Aug 2001 18:10:27 +0200
Message-id: <[🔎] 0GHP00LDEGXK8U@mail1.uni-rostock.de>
Reply-to: Friedemann.Schorer@gmx.de
In-reply-to: <[🔎] Pine.LNX.4.32.0108061347430.16503-100000@water.lan>

Hi Gord :-)

>    www.incidents.org makes mention that it's passible to impliment a
> firewall rule that will slow down the CR/CR2 worm. Does anyone have a
> sample of this rule as an ipchains command. I'm sure we've not seen
> the last of this problem and I'd like to do what I can to help curb
> it's speed of propogation.

A german newsticker announced that Tom Liston had an idea to trap CR -
it's here: http://www.incidents.org/archives/intrusions/msg01215.html
On http://www.incidents.org/archives/intrusions/msg01239.html Mihnea 
Stoenescu made public that an example implementation is done. You can 
get it here: http://www.hackbusters.net/CodeRedneck.tgz
It works by starting the 3-way-handshake and then keeps quiet - this 
does not eliminate CR, it just hinders the fast growth over network.

	Hope this is what you wanted,



			Friedemann
--
Linux zu nutzen adelt nicht - aber es bildet.

Reply to:

Follow-Ups:
- Re: No! Not Code Red (again)
  - From: "Gord Mc.Pherson" <gordzilla@sympatico.ca>

References:
- No! Not Code Red (again)
  - From: "Gord Mc.Pherson" <gordzilla@sympatico.ca>

Prev by Date: No! Not Code Red (again)
Next by Date: Re: No! Not Code Red (again)
Previous by thread: No! Not Code Red (again)
Next by thread: Re: No! Not Code Red (again)
Index(es):
- Date
- Thread