W32.Nimda.A@mm infection and network usage
MaddieBoi
Hi RS-Team...

Is it possible to prevent packets at a router level?

Obviously, with the W32.Nimda.A@mm infection consuming large amounts of bandwidth across the entire internet, is it possible to filter data at a router level? The traffic that is causing these problems on our webservers is constant requests for /winnt/system32/cmd.exe. Is it possible to filter these requests out at a router or similar before they even reach our machines?

Sort of like creating a firewall rule or something?
Lee-S
One way to do it would be to put in a Snort box with all the worm signatures configured for it, and use it to immediately close the connection before it even gets into the network. Obviously, for a sizable network such as RackShack's, this would be easier said than done. A firewall would be useless, as firewalls are source/destination based, rather than content based.
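The content-based matching discussed in this thread, shown from the web server's side as an added example that is not part of the original posts: it scans access-log lines for requests to /winnt/system32/cmd.exe and counts them per source address, decoding the path first so encoded spellings are not missed. The Apache common log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache common log format (documentation addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Sep/2001:10:01:02 +0000] "GET /winnt/system32/cmd.exe HTTP/1.0" 404 289
192.0.2.10 - - [19/Sep/2001:10:01:03 +0000] "GET /WINNT/system32/cmd%2Eexe HTTP/1.0" 404 289
198.51.100.7 - - [19/Sep/2001:10:01:05 +0000] "GET /index.html HTTP/1.0" 200 5120
203.0.113.4 - - [19/Sep/2001:10:01:09 +0000] "GET /winnt/system32/cmd%252eexe HTTP/1.0" 404 281
198.51.100.7 - - [19/Sep/2001:10:02:00 +0000] "GET /docs/winnt/system32/cmd.exe.html HTTP/1.0" 200 900
"""

# Source address and request target from one common-log-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" \d{3} ')

# The path named in the thread, matched case-insensitively; the trailing
# group keeps names such as "cmd.exe.html" from being counted.
PROBE_RE = re.compile(r'/winnt/system32/cmd\.exe(?:$|[?/])', re.IGNORECASE)


def normalize(target, max_rounds=3):
    """Percent-decode repeatedly (bounded) and unify slashes, so that
    single- or double-encoded spellings compare equal to the plain path."""
    for _ in range(max_rounds):
        decoded = unquote(target).replace("\\", "/")
        if decoded == target:
            break
        target = decoded
    return target


def probes_by_source(log_text):
    """Return a Counter of matching requests keyed by source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and PROBE_RE.search(normalize(m.group(2))):
            hits[m.group(1)] += 1
    return hits


if __name__ == "__main__":
    for source, count in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{source}\t{count}")
```

This only reports what already reached the server; dropping the traffic before it arrives still needs an inline device such as the Snort box described above.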