Re: [FW1] New worm on the road?
Oops, after taking time to think about the problem I realized that it is impossible to DROP a connection which has to be examined by a security server. The security server has to first accept it to see the content of the request to decide to reject it or accept it, so at that time any rule in the firewall can't drop it, just reject it, as it has already been opened!

The problem with Nimda (I don't see many attacks anymore) is that it tries to send all its attacks regardless of whether it is rejected or dropped, but if it is dropped, i.e. no answer at all to the attack, it waits for the timeout period, which slows down the attack rate by a great factor.

At 13:24 2001-09-22 -0400, Yves Belle-Isle wrote:
> The problem is that with a HTTP Security server resource to block NimDa even if you specify DROP in the

------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17
Email: [email protected]
Responsable des Systemes
Tel:
Sogi Informatique Ltee.
Fax:
------------------------------------------------------------