19 Sep
2001
19 Sep
'01
4:32 a.m.
Has anybody tried to block nimda HTTP GET probes using URL pattern matches in a "layer-4-7"[1] switch? The ideal result is to prevent nimda GET probes from ever reaching the destination address, but causing the session to be reset towards the server after the open handshake but before the GET can be sent to the server would be acceptably useful. Particularly whether it's possible on a cisco/Arrowpoint switch, but it would be interesting to know about other vendors too. Please reply directly, will summarise if there are answers to share. Thanks! [1] substitute phrase-du-jour as appropriate