Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Problem blocking CodeRed with http resource

To: [email protected]
Subject: Re: [FW-1] Problem blocking CodeRed with http resource
From: "Chontzopoulos, Dimitris" <[email protected]>
Date: Thu, 18 Oct 2001 19:57:26 +0300
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Have you added a rule under the BlockNimda rule to allow the rest of the
http traffic???

-----Original Message-----
From: [email protected]
[mailto:[email protected]]
Sent: Thursday, October 18, 2001 5:11 PM
To: [email protected]
Subject: Re: [FW-1] Problem blocking CodeRed with http resource


Ah thank you.

Any idea why it is not working though?

-----Original Message-----
From: Werner.Brockhoven [mailto:[email protected]]
Sent: Thursday, October 18, 2001 5:14 AM
To: FW-1-MAILINGLIST
Subject: Re: [FW-1] Problem blocking CodeRed with http resource


Hi,

You'll also want to add readme.eml

Regards,

Werner

-----Original Message-----
From: [email protected]
[mailto:[email protected]]
Sent: Wednesday, October 17, 2001 9:47 PM
To: [email protected]
Subject: [FW-1] Problem blocking CodeRed with http resource


Hey all

I picked up the way to do this out of an earlier thread and got it to
work wonderfully - I thought.

Once I had it in place (it being the following):

ANY - ANY - NIMBABLOCK - DROP

Where NIMBABLOCK is an Resource URI definition like:

Connection methods:  Transparent, Proxy
Exception track: Log
URI match: Wild Cards
Schemes: http
Methods: GET
Host: *
Path: {*default.ida?*,*cmd.exe?*,*root.exe?*,*dmin.dll,*/x,*readme.exe*}
Query: *

Works great if I test it going out to the DMZ from inside, but coming in
from the Internet to the DMZ it apparently is blocking all web traffic
on this rule.  From the inside to the DMZ it works perfectly

Any help would be appreciated as my web server logs are filling with
this fluff

Bill (FW41-1, SP 2, HPUX)






Bill Chmura
Ensign-Bickford Industries, Inc.
Information Technologies Department

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: Re: [FW-1] Logging to mysql
Next by Date: Re: [FW-1] Anti-Spoofing
Previous by thread: Re: [FW-1] Problem blocking CodeRed with http resource
Next by thread: Re: [FW-1] Problem blocking CodeRed with http resource
Index(es):
- Date
- Thread