Cod Red HELP!!!!
s I n
sin@Aniela.EU.ORG
Tue, 7 Aug 2001 21:02:06 +0300 (EEST)
Yes, you are right. I must have thought at something else when I wrote my
previous e-mail. I fogot that the conection is initiated first and then
the query is sent.
Regards,
/me
On Tue, 7 Aug 2001, Nigel Morse wrote:
>
> > Try to use the string match figure of iptables inside your firewall so
> > you can drop any packets that contain default.ida string.
>
> But is the default.ida string isn't in the syn packet - by the time that
> string arrives your connection is open and the server just has to respond
> with a page not found (as it's a UNIX server I'm guessing it's not running
> IIS ;) ) - blocking the packet leaves the connection open. I don't know
> ennough about this stuff to know if it's better to let the packet run and
> close the connection or block it and leave it open till it times out.
>
> Cheers
> Nigel
>
>