[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] HTTP Strange LOG
At least read the man pages and the Linux Advanced Routing & Traffic
Control HOWTO before you post on the subject. Your statement is quite
wrong and confuses many concepts and facts. For one thing, "mangle" is
not an option to look into traffic. It is one of the various tables
(specifically inteded for packet alteration) of rules that iptables manages.
with iptable you can look into the tcp-traffic using the mangle-option.
By letting through only established ipconnections, you can filter out
connections like that from scannern or connections that use a not
related protocoll that is allowed on that port.
No. The question was "how do I protect my webserver from getting
affected by this traffic". That relates to the worm capabilities and has
nothing to do with the fact that the thing also happens to be a trojan.
2) Code red is a worm and it's propagation does not relate to it also
being a trojan.
Ok the security-risk is not so much. That is only a act of cling.
Sigh... OK, I forgot the <joke> and </joke> quotes around this
statement. Anybody else got confused there?
Code red in fact uses http over port
80. In fact a mighty security suggestion: block port 80 towards your
Block port 80 for some known adresses and mangle the connections on port
80 toward your webserver. Blocking all toward the webserver can cause
that no webpages can be requested from outsite. I think.
I'm not going to reply to this nonsense anymore.
PS. And please simply post to the list; most posters read it and do not
require the carbon copy. Thanks.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here