[Emerging-Sigs] Nginx
Matt Jonkman
jonkman at jonkmans.com
Wed Mar 26 13:45:40 EST 2008
Threshold's a good idea. Thanks
Posting something momentarily.
Matt
RPG wrote:
> I'm all for it but I'd recommend adding a threshold to it.
>
> Matt Jonkman wrote:
>> There's been some discussion f late about the incredibly high percentage
>> of nginx instances that serve malware. Storm and the RBN like to use it
>> quite often.
>>
>> But it's not 100% hostile. (I'd guess 90%)
>>
>> I'd like to put a rule up for it, just put it in th epolicy section and
>> call it suspicious. Anyone have a better idea?
>>
>> matt
>>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Emerging-sigs
mailing list