This may sound like a dumb question, but isn't it possible to filter out inbound http GET
requests on port 80 from being passed on to client networks when the request is longer than
N bytes, where "N" is something reasonable, like say 512? And if so, wouldn't this "cure" the
CodeRed problem?

-S

Bob Tanner wrote:
>
> Quoting Steve Siegfried (sos at zjod.net):
> > Folks,
> >
> > I was wondering why my WWW hit monitors suddenly went to zero. Then I
> > checked and found out why: No hits. When I logged into my backup ISP and
> > tried "lynx http://zjod.net", I got, "Unable to contact remote host." I also
> > checked ftp, ssh, and telnet, which all worked. Only http access wasn't
> > going through.
>
> I do agree with the measures they took. At 7pm CST today, Real Time had to do
> the same thing, because of the load it was putting on the routers. The packet
> storm was affecting all services at Real Time.
>
> I do -not- agree with how they went about it. They should have given you a heads
> up on what they are doing. I posted to all Real Time clients saying we needed to
> take this drastic measure to ensure quality of service for everyone. Kind of the
> few must suffer for the many.
>
> So, I disabled port 80 to all client networks. I then logged (and I'm still
> logging) all the deny attempts.
>
> We are getting over 500 CR2 hits every 600 seconds on just 1 network alone. I am
> now going through the data and punching holes into it to allow traffic to
> linux/apache servers.
>
> --
> Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700
> http://www.mn-linux.org | Fax : (952)943-8500
> Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
>
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
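A worked illustration of the length filter the question proposes, added here and not part of the thread: it contrasts measuring only the HTTP request line against measuring the whole request, on constructed sample requests, to show why the naive "whole request longer than N" rule also drops legitimate traffic. The 512-byte threshold, the function names and the sample requests are assumptions; nothing here is the actual worm signature.

```python
# Added example, not from the thread. Decides allow/deny for one
# reassembled HTTP request based on length. A router ACL sees packets,
# not requests, so a filter like this has to sit where the TCP stream
# is reassembled (a proxy or a stateful inspection box).

MAX_LINE = 512  # the "N" from the question; an assumption, not a standard


def check_request_line(raw: bytes, max_line: int = MAX_LINE) -> tuple:
    """Measure only the request line (METHOD SP target SP version).

    Long headers (Cookie, Referer) are normal; a browser's request line
    is usually well under 512 bytes, so the line is the better signal.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    line, _, _ = head.partition(b"\r\n")
    if len(line) > max_line:
        return ("deny", f"request line {len(line)} bytes > {max_line}")
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return ("deny", "malformed request line")
    return ("allow", "ok")


def check_whole_request(raw: bytes, max_total: int = MAX_LINE) -> tuple:
    """The naive rule as literally asked: total request bytes > N."""
    if len(raw) > max_total:
        return ("deny", f"request {len(raw)} bytes > {max_total}")
    return ("allow", "ok")


# Constructed samples: an ordinary GET, a GET carrying a large but
# legitimate Cookie header, and a GET whose target is padded with a
# long run of one character (the shape a length rule is meant to catch).
NORMAL = b"GET /index.html HTTP/1.0\r\nHost: zjod.net\r\n\r\n"
BIG_COOKIE = (b"GET /index.html HTTP/1.0\r\nHost: zjod.net\r\n"
              b"Cookie: session=" + b"x" * 2000 + b"\r\n\r\n")
PADDED = b"GET /" + b"X" * 600 + b" HTTP/1.0\r\nHost: zjod.net\r\n\r\n"


def compare() -> dict:
    """Run both rules over the samples; returns {name: (line_rule, whole_rule)}."""
    samples = {"normal": NORMAL, "big_cookie": BIG_COOKIE, "padded": PADDED}
    return {name: (check_request_line(r)[0], check_whole_request(r)[0])
            for name, r in samples.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:11s} line-rule={verdicts[0]:5s} whole-rule={verdicts[1]}")
```

The big-cookie case is the one to watch: the whole-request rule denies it while the request-line rule lets it through, so the request-line check is the less disruptive way to apply the idea.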