I've been collecting the blocking info from today and yesterday's nanog onto a page: http://kgate.virtual.net/cgi-bin/wiki.cgi?action=Browse&id=NIMDAWormBlocking So far: snort Squid ipfw ruby script procmail rulesets F5 Big IP Nortel/Alteon topology trap Cisco NBAR Cisco CSS11K, Cisco Content Engine apache (updated w/mod_throttle info) iptable deny SRC Matt Martini wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Does anyone have a comprehensive filter to stop Nimda using Cisco's NBAR?
Matt
__________________________ http://www.invision.net/ _______________________
Matthew E. Martini, PE InVision.com, Inc. (631) 543-1000 x104 Chief Technology Officer matt@invision.net (631) 864-8896 Fax _______________________________________________________________________pgp_
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i
iQEVAwUBO6ke4GtXn16/JS7ZAQEUoAgAjvwY/fnoJmtmMke03I8uOIxDNUzGqX+e sP5L9Fcekg4qKF7Jix4dW+Hk+jZuwp0cSHwRsiGswqIHgHZVjRjliMD4QTjDO4FU vYUSKM4nedZhTBjIDlMp3AT9BfLjI1pV1tzYbo2L8otMGdeO3Iv/Ymd+LGZx22Fl eNvIOE+LzfipupFcA12AXstJvTH9QZ4Vuzap7ckxzA5NrTXtWphhjiLX0gKqlTsc aXp/oL/UfzMps7LiF+my2OsKCBIjyA+mLon0qdS5vs8rGtuES3wADmX/sDF8wuhr 9LFpI2VmM5JcrjwwEZIfc5Iq6M4h0so3nfwJDyBh0x5cDlDNimWH6w== =+Ucd -----END PGP SIGNATURE-----
-- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** =========================================================================