[plug] Blocking of Port 80

Arkem arkem at mornmist.2y.net
Wed Aug 15 10:01:09 WST 2001 

On Wed, 15 Aug 2001, Craig Foster wrote:
> 
> OK dumb question may follow...
> 
> Apart from size, what characteristics are you using to identify CR
> packets?
> BTW this is happened to a friend outside of iiNet, whose ISP said they're
> not filtering...
> Trust Microsoft to screw things up for everybody else...

First of all it would always be an inbound connection on port 80. The
actual request looks like this:

61.155.204.205 - - [12/Aug/2001:08:57:21 +0800] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 205

Though this is a sample of a code red II request (copied from my
logs) Code red I used NNN instead of XXX I don't know about code red
III. I'm not sure exactly how the filtering would work but the best
way (if it were possible) would be to block any incoming html GET
requests for the file /default.ida but the easiest (at a per-ISP
basis) would be to block all incoming port 80 requests which is a
viable solution if your ISP doesn't want you hosting a web server
anyway. Several cable/adsl providers in the US did that and pissed
people off to no end and was reported on Slashdot.

Regards Paul Chamberlain

More information about the plug mailing list