There is a beta program based on snort which drops bad packets (e.g.
code-red / nimda).
Check http://hogwash.sourceforge.net/
----- Original Message -----
From: "Vicky Shrestha" <mail@vickysh.wlink.com.np>
To: <squid-users@squid-cache.org>
Cc: <dileep@wlink.com.np>
Sent: Thursday, November 15, 2001 7:26 AM
Subject: [squid-users] nimda and squid
> Hello squid-users,
>
> I am running trasparent proxy servers with squid and have applied
> acl to block nimda but still the proxies server crashes very often
> due to nimda attacks.I can see the IP's attacking the server and
> need to block them out; And one more thing I can't block them out
> for ever because we are an ISP and IPs keep on changing.
>
> So I need a program that can detect nimda requests by monitoring
> squid access.log or any other way ,block those ips until it's online
> and remove them after a couple of minutes or so.
>
> Can anyone please help me out on this???
>
>
> --
> Best regards,
>
> Vicky Shrestha
> System Administrator
> World Link Communications
> mailto:mail@vickysh.wlink.com.np
>
>
Received on Thu Nov 15 2001 - 12:07:39 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:15 MST