[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: No! Not Code Red (again)



Hi Gord :-)

>    www.incidents.org makes mention that it's passible to impliment a
> firewall rule that will slow down the CR/CR2 worm. Does anyone have a
> sample of this rule as an ipchains command. I'm sure we've not seen
> the last of this problem and I'd like to do what I can to help curb
> it's speed of propogation.

A german newsticker announced that Tom Liston had an idea to trap CR -
it's here: http://www.incidents.org/archives/intrusions/msg01215.html
On http://www.incidents.org/archives/intrusions/msg01239.html Mihnea 
Stoenescu made public that an example implementation is done. You can 
get it here: http://www.hackbusters.net/CodeRedneck.tgz
It works by starting the 3-way-handshake and then keeps quiet - this 
does not eliminate CR, it just hinders the fast growth over network.

	Hope this is what you wanted,



			Friedemann
--
Linux zu nutzen adelt nicht - aber es bildet.



Reply to: