Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

codered/nimda blocking



On Tue, 6 Nov 2001, Matt Galster wrote:

> Use the hardware load balancer (HLB) and fergitaboutit.  The HLB can probably do the work in its sleep and the web server should be perked up significantly by the protection.
>
> MEG

It does look like our load balancer (Intel NetStructure 7170) can handle
the current problem. It has the ability to handle URLs like this:

http://www.mycompany.com/scripts/Admin.dll?xysyxy=1&asdfasdf=2&1asdfafb=3

with an expression like:

!*.dll

...since everything after the ? isn't actually part of the url.

However, its expressions system is limited. Say for example that a new
virus came out, and the signature of that virus came in the middle of the
url, instead of the end. The 7170 does not support expressions like:

!*.dll*

(i.e. it does not support more than one wildcard)

So this may not be able to shield us from future worms/virii, but it will
work for CodeRed/Nimda.

Thanks,

Peter

-- Peter R. Wood - cephas at cephas.dyndns.org - http://cephas.dyndns.org/





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org