Date: Sun, 23 Sep 2001 08:07:59 -0400 From: "Jonathan M. Slivko" <jslivko@4evermail.com> To: "Chris Byrnes" <chris@JEAH.net>, <security@freebsd.org> Subject: Re: New worm protection Message-ID: <01f601c14428$63637e90$9865fea9@equinox> References: <006701c141dd$8f185940$24f2fa18@mdsn1.wi.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The best kind of protection I can offer is to write a script that will scan the apache logs and use ipfw to ban whole class C's that generate a 404. That may be a little extreme, but it works. I will try and get a copy of the code to you later. -- Jonathan ----- Original Message ----- From: "Chris Byrnes" <chris@JEAH.net> To: <security@freebsd.org> Sent: Thursday, September 20, 2001 10:07 AM Subject: New worm protection > Has anyone written an easy-to-use ipfw rule or some kind of script that will > help with this new worm? > > I have restricted Apache to just listen to my main two web IPs instead of > all of the IPs (I have > hundreds of domains and each of them previously had its own IP for different > reasons), and > that's cut down the bandwidth use in half, but I'm still about double what > my daily normal bandwidth > usage is. > > Frustration is high, and money issues are going to surface soon. Any help > would be appreciated. > > > Chris Byrnes, Managing Member > JEAH Communications, LLC > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01f601c14428$63637e90$9865fea9>