IPFW
First of all, there is no need to block it. Since you don't use Microsoft IIS, it does absolutely no harm to you. What you see is much like a ping command; the worm is doing two things at once: 1) if the remote host responds to the HTTP command, it inoculates that system, 2) if the remote host does not respond, it forgets about that host and moves on. Anyone that is not running IIS just sends back a 404 Not Found command, as if someone was trying to go to a web page on your server that wasn't there.
Second, as I said before, the worm sends an HTTP command to port 80. If you want to firewall anything to prevent these 404 Not Found errors because of the Code Red worm, all you have to do is firewall port 80, aka your web server. Of course, doing that means that the outside world wouldn't be able to access your web server at all, so you may as well just shut it down in the Network Preferences for that matter.
So, if you want to stop your web server from being asked for documents that do not exist (god forbid!), simply shut it down. In summary, CODE RED DOES NOT AFFECT ANYTHING APPLE WHATSOEVER, there is absolutely no reason to do anything to your computer in response to it!
-Lucas
http://www.rufy.com/
Snort
Yes Lucas, I know it's not a threat to my system. I said so in my original post, but it can't help to let people know not to worry. The reason I'm trying to do this is because I'm sick of my Apache logs getting bloated. I'm going to try installing Snort with flexresp and see if I can just kill it by content filtering. There's a lot of variants out now and there's the eEye test as well. I'm averaging 8 per hour if I set my server up on a new static IP that's never had a server on it. The new version is worse because it only looks outside of your address range 12.5% of the time and it's only going to increase. What are you averaging?
IPFW
Bloated? If 8 entries/hour "bloats" your Apache logs, why are you running Apache at all? It seems like absolutely nobody is using it. In the 7,829 lines of my log, 20 of those are 404s from Code Red and 79 are 404s in general. And this is my home computer/developer computer, not my main server.
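The figures traded in this exchange (Code Red 404s versus 404s in general, and probes per hour) can be computed directly from an Apache access log. The following is an added example, not code from anyone in the thread; it assumes the Apache common log format and recognizes the worm by its `/default.ida?` request padded with `N` (Code Red) or `X` (Code Red II), and the sample log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Apache common log format: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Both variants request /default.ida with a long run of N or X padding.
CODE_RED_RE = re.compile(r'^GET /default\.ida\?(N{20,}|X{20,})')

def classify(request):
    """Return the worm variant a request line matches, or None."""
    m = CODE_RED_RE.match(request)
    if not m:
        return None
    return "CodeRed" if m.group(1)[0] == "N" else "CodeRedII"

def summarize(lines):
    """Count totals, 404s and worm probes; return (stats, probes per hour)."""
    stats, sources, times = Counter(), set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            stats["unparsed"] += 1
            continue
        host, stamp, request, status = m.groups()
        stats["total"] += 1
        stats["404"] += status == "404"
        variant = classify(request)
        if variant:
            stats[variant] += 1
            sources.add(host)
            times.append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    stats["sources"] = len(sources)
    # Rate over the span between the first and last probe seen.
    hours = (max(times) - min(times)).total_seconds() / 3600 if times else 0
    return stats, (len(times) / hours if hours else None)

# Constructed sample input (documentation-range addresses, made-up times).
PROBE = '"GET /default.ida?%s HTTP/1.0" 404 276'
SAMPLE = [
    '192.0.2.10 - - [06/Aug/2001:10:00:00 -0700] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [06/Aug/2001:10:05:00 -0700] ' + PROBE % ("N" * 60),
    '203.0.113.5 - - [06/Aug/2001:11:05:00 -0700] ' + PROBE % ("X" * 60),
    '192.0.2.10 - - [06/Aug/2001:11:30:00 -0700] "GET /missing.html HTTP/1.0" 404 280',
    '198.51.100.7 - - [06/Aug/2001:12:05:00 -0700] ' + PROBE % ("N" * 60),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
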
Recent data
Whoops, those were old logs, here are the numbers since April 4th: