Not like that. This is an inbound filter at our border (we are an ISP). I'm sure others are doing something similar. I sure as hell wouldn't allow control of my core routers to be done via a web server... :-) I doubt that anyone would. It would introduce a security risk thats not necessary, and creating and applying adaptive access lists would be horrible. The end user should still have a firewall. And a virus killer. Too many use neither.
-----Original Message----- From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz]On Behalf Of Juha Saarinen Sent: Wednesday, 19 September 2001 14:22 To: 'Gordon Smith'; robbie_gernandt(a)wilsonandhorton.co.nz; nznog(a)list.waikato.ac.nz Subject: RE: [jim(a)cyberjunkees.com: Re: FW: Worm probes]
:: :: Thats not many at all... :: :: Match: protocol http url "*cmd.exe*" (1583) :: 1029 packets, 137739 bytes :: 5 minute rate 4000 bps :: Match: protocol http url "*root.exe*" (1587) :: 250 packets, 27846 bytes :: 5 minute rate 1000 bps :: :: Last couple of mins... (just cleared the counters)
# grep -c cmd.exe error_log 1039
Hmmm...
Is there any chance of ISPs introducing port filtering to protect customers from these things?
Ideally, I'd like an HTTPS Web page so that you could turn it on and off...
-- Juha
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog