codered/nimda blocking
Peter R. Wood
cephas at cephas.dyndns.org
Tue Nov 6 16:38:20 EST 2001
On Tue, 6 Nov 2001, Matt Galster wrote:
> Use the hardware load balancer (HLB) and fergitaboutit. The HLB can probably do the work in its sleep and the web server should be perked up significantly by the protection.
>
> MEG
It does look like our load balancer (Intel NetStructure 7170) can handle
the current problem. It has the ability to handle URLs like this:
http://www.mycompany.com/scripts/Admin.dll?xysyxy=1&asdfasdf=2&1asdfafb=3
with an expression like:
!*.dll
...since everything after the ? isn't actually part of the url.
However, its expressions system is limited. Say for example that a new
virus came out, and the signature of that virus came in the middle of the
url, instead of the end. The 7170 does not support expressions like:
!*.dll*
(i.e. it does not support more than one wildcard)
So this may not be able to shield us from future worms/virii, but it will
work for CodeRed/Nimda.
Thanks,
Peter
-- Peter R. Wood - cephas at cephas.dyndns.org - http://cephas.dyndns.org/
More information about the Discuss
mailing list