[Snort-users] Code Red attacks

Jason Withrow jwithrow at ...422...
Mon Sep 17 15:39:03 EDT 2001


Yeah, I have all the patches, plus ida's and idq's unmapped, so all it
does is cause unnecessary bandwidth on my little netork.

I can't block them at the router cause I don't have one.
I am using NAT, and IPSEC is too unflexable to do anything good.

Anyone know of a free win32 port filtering app?

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Gordon
Ewasiuk
Sent: Monday, September 17, 2001 6:22 PM
To: Jason Withrow
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Code Red attacks

On Today, Jason Withrow wrote:
>What is the legal issue, it is a purely defensive mechanism.

>On Today, Jason Withrow wrote:
>>Since CR installs a CMD Shell that is freely accessable,
>>Write a script that write a text file to that users computer.

<disclaimer>
I am not a lawyer and despise Code Red as much as anyone.
</disclaimer>

You suggested writing a text file to an infected system.  Such an act
could be construed as tampering with that system, illegally uploading
data, using their resources without their permission, etc.  Some
companies
might even call that a break-in attempt.

Not sure how I would handle it.  I'm a firm beliver in proactive
monitoring and patching.

-Gordon

--------------------------------------------------
Gordon Ewasiuk, Certifed Sun Fanatic,  Winstar VHC
The REAL office number is here----->  703.893.4901
Tired of BSODs, My Computer, and Code Red?
http://www.sun.com/solaris/binaries/
-------------------------------------------------


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list