Re: [FW1] New worm on the road?
> "METE EMINAGAOGLU (IT)" wrote:
>
> Yes, I think everyone related with networking & security should have
> been aware till now somehow. (Since, W32/Nimda is so massive,
> aggressive, and posing many multi-functional different threats...
> Thanks to all the security vulnerabilities of Microsoft products!!!)
>
> Yes, you can create an http-security URI object. (Similar to the one
> used for CodeRed worm...)
>
> However, I should warn you that some people continuously argue that
> this solution slows down http service in the FW, or crashes the FW
> completely... ?? (Although I have never faced such problems...)
>
> I'm still using different http and smtp-security server based rules in
> my FW. Even the one I've denoted below, no performance bottleneck so
> far...
>
> The solution: (A generic one for W32/Nimda, CodeRed, Sadmind/IIS)
>
> 1. Create A new URI Resource (say, Block_http),
>
> Tick both Connection Methods: "Transparent" & "Proxy"
> In the URI Match Spec. Type, choose "Wild Cards"
>
> Schemes: HTTP
> Method: GET, (you can also tick the other methods, if u'd like...)
> Host: *
> Path:
> {*default.ida?*,*cmd.exe?*,*root.exe?*,*dmin.dll,*/x,*readme.exe*}
> Query:*

You forgot *.eml which is important if you don't want vulnerable browsers to get infected.

-paul
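The gap pointed out in the reply can be checked offline before changing a rule base. The following is an added example, not part of the original thread and not Check Point code: it approximates the URI resource's wildcard matching with Python's `fnmatch` glob semantics, case-sensitive and applied to path plus query (both assumptions), and the request targets are constructed samples.

```python
from fnmatch import fnmatchcase

# Path spec exactly as posted in the quoted message.
POSTED_SPEC = "{*default.ida?*,*cmd.exe?*,*root.exe?*,*dmin.dll,*/x,*readme.exe*}"

# Constructed request targets (path plus query), for illustration only.
SAMPLE_TARGETS = [
    "/default.ida?AAAA",
    "/scripts/root.exe?q",
    "/scripts/Admin.dll",
    "/readme.exe",
    "/readme.eml",
    "/index.html",
]

def parse_spec(spec):
    """Split a '{a,b,c}' wildcard list into its individual patterns."""
    inner = spec.strip()
    if inner.startswith("{") and inner.endswith("}"):
        inner = inner[1:-1]
    return [p.strip() for p in inner.split(",") if p.strip()]

def first_match(patterns, target):
    """Return the first pattern that matches target, or None if it would pass."""
    for pattern in patterns:
        # Assumption: glob semantics ('*' = any run, '?' = any one character),
        # case-sensitive, matched against the whole target string.
        if fnmatchcase(target, pattern):
            return pattern
    return None

def audit(spec, targets):
    """Map each target to the pattern that blocks it (None means not blocked)."""
    patterns = parse_spec(spec)
    return {t: first_match(patterns, t) for t in targets}

def add_pattern(spec, pattern):
    """Return a new '{...}' spec with one more pattern appended."""
    return "{" + ",".join(parse_spec(spec) + [pattern]) + "}"

if __name__ == "__main__":
    specs = (("posted", POSTED_SPEC),
             ("with *.eml", add_pattern(POSTED_SPEC, "*.eml")))
    for label, spec in specs:
        print(label)
        for target, hit in audit(spec, SAMPLE_TARGETS).items():
            print(f"  {'BLOCK' if hit else 'pass '} {target}  ({hit})")
```
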