Message-ID: <3BA9219B.772E33D5@fpsn.net>
Date: Wed, 19 Sep 2001 16:52:11 -0600
From: Colin Faber
Cc: security@FreeBSD.ORG
Subject: Re: NIMDA Virus (OT)

Fyi, in case anyone hasn't noticed, Microsoft's Frontpage site
http://www.microsoft.com/frontpage has been infected.

    wget -q http://www.microsoft.com/frontpage; tail index.html

(assuming it hasn't been fixed yet)

rshea@opendoor.co.nz wrote:
>
> > We just put a log monitor on the Apache server, and are firewalling
> > anything that sends a request with "cmd.exe" in it. Quite effective.
>
> I'd like to do this too. I use IPFW. Can anyone point me at a 'how-to' ? I
> thought IPFW rules could only be based on IP address or service type ?
>
> thanks
>
> richard shea.
>
> *****************************************************
> Open Door Ltd
> PO Box 119-46
> Wellington, NZ
>
> PH +64 4 384 7639
> FX +64 4 384 7672
> *****************************************************
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
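The log-monitor approach quoted above, as an added example that is not part of the original message or anyone's actual setup: IPFW matches on addresses, so the monitor finds "cmd.exe" requests in the Apache access log and turns each source address into a deny rule. It assumes the common/combined log format; the function names, rule numbers and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Apache common/combined log format: client, ident, user, [time], "request", ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)"')

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Sep/2001:15:40:01 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288
198.51.100.7 - - [19/Sep/2001:15:40:05 -0700] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [19/Sep/2001:15:40:09 -0700] "GET /msadc/CMD%2EEXE?/c+dir HTTP/1.0" 404 290
scanner.example.net - - [19/Sep/2001:15:41:00 -0700] "GET /scripts/cmd.exe HTTP/1.0" 404 281
203.0.113.5 - - [19/Sep/2001:15:41:30 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
"""

def offending_sources(log_text, needle="cmd.exe", allow=()):
    """Return unique client IPs whose request line contains `needle`."""
    seen, result = set(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, request = m.groups()
        # Decode %xx escapes and fold case so CMD%2EEXE is caught as well.
        if needle not in unquote(request).lower():
            continue
        try:
            # Only a parsed IP address ever reaches the firewall command; a
            # logged hostname (HostnameLookups On) or junk is skipped.
            addr = str(ipaddress.ip_address(client))
        except ValueError:
            continue
        if addr in allow or addr in seen:
            continue
        seen.add(addr)
        result.append(addr)
    return result

def ipfw_rules(addrs, first_rule=1000):
    """Build one ipfw deny rule per address (returned as text, not executed)."""
    return [f"ipfw -q add {first_rule + i} deny ip from {a} to any"
            for i, a in enumerate(addrs)]

if __name__ == "__main__":
    for cmd in ipfw_rules(offending_sources(SAMPLE_LOG, allow={"203.0.113.5"})):
        print(cmd)
```

The `allow` set is there so that your own monitoring or management addresses never end up in a deny rule; review the generated commands before feeding them to a root shell.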