Mac OS X | Security / Privacy | Other Security / Privacy | The Little Dutch Moose

The Little Dutch Moose - 10.3 2A82

Protects Web servers from worms

Download Now

(File Size: 1.9M)

Free Product Alerts!

All Time:	(4.8)
This Version:	Not rated (0.0)
Current Version:	10.3 2A82
Release Date:	2002-07-13
License:	Commercial
Downloads (this version):	1,478
Downloads (all versions):	2,733
Price:	$25.00

Information Related to Version:

Broken Link? Newer Version? Tell us!

Product Description:

OK you've got Mac OS X. so you're protected from Code Red, from Nimda and probably a lot of other Windows NT viruses/worms out there (and yet to come), or are you... Even with Mac OS X and Apache, your system bandwidth is clogged by handling each and every one of these illegal messages. An incoming server makes an illegal request such as: /root.exe ... and your Apache replies with: "I don't know what you're talking about", the infected host doesn't go away, but returns again and again and again. Your uninfected server is bogged down rejecting bogus messages from infected systems. Your bandwidth usage goes up, and if you're on a plan that charges more after a certain usage, your costs go up, too.

The Little Dutch Moose plugs those holes. Figuring that the infected system is no friend of yours, when The Little Dutch Moose finds a site that is attempting to contract your server with a worm-like or virus-like command, Little Dutch Moose immediately issues an order to your built-in firewall to automatically shut the door on that host. These sites go away for good. Your web server should spin its cycles dealing with requests that it wants to deal with.

Little Dutch Moose can also protect you from the unthinkable - an Apache worm As soon as the distinguishing signature of an Apache worm is known, Little Dutch Moose can be on the lookout for that, too!

What's new in this version:

The new release of Little Dutch Moose includes a new configuration panel that allows you to define request header traps in order to trap and block the new as yet unnamed Apache worm.

Re-labeled "Attack Signatures" configuration panel to "Request Attack Signatures".
Added "Request Header Signatures" panel to configuration. This panel allows you to enter tags for requests headers and data that you which to disallow. When the systems preferences pane is run the first time it will add a know set of tags. You should stop and stop Apache after opening the Preferences the first time after using our sw update. If you using the installer wizard to update this will be done for you.
Added option to the signatures panel to allow rejection of all chunked requests. Check it to trap all chunked requests. Make sure you have used Apple SW Update to update your Apache server as well. This option is on the new "Request Header Signatures" panel. This option is unecessary if the "Request Header Signatures" list contains the entry "Transfer-Encoding:chunked".
Reset the evaluation version allowing an extension of the trial period. This is so that non-customers can utilize the Apache worm trap.
Added special handling to help with attacks that try and maintain a connection to the server even if the attack fails. These eventually become denial, of service attacks if the session is not released.
A word about our software update system. Although the WunderMoosen Software Update system (Moose Update) looks similar to the system used by Apple our system has always used digital signatures on the updates which are not easily spoofed. (This is something that Apple has only recently implemented.) Even if someone were to spoof our update server address and trick you into downloading a fake update the update would not be installed and it would be deleted as soon as downloaded due to an incorrect digital signature. When we designed this system, security was our primary concern, so we used a custom proprietary digital signature which is based on RSA technology. Only we possess the utilities to compute our updates signatures.

Operating System Requirements:

This product is designed to run on the following operating systems:

Mac OS X 10.1

Additional Requirements:

Mac OS X 10.1.2 or higher

Feedback Summary:

This Version:
Overall Rating:	Not rated (0.0)	Features:	Not rated (0.0)	Support:	Not rated (0.0)
Ease of Use:	Not rated (0.0)	Quality / Stability:	Not rated (0.0)	Price:	Not rated (0.0)

Key to Types of Feedback:

Reviews Reviews Troubleshooting Usage Tips Developer Notes Commentary Featured Reviews

Moments after I… - Version: 10.1 2A52, 3/13/2002 07:23PM PST

sjk

first started Apache on my iBook the attempted worm attacks started, even before I'd had a chance to do my own testing. I shut down the server and grumbled about how I was going to deal with this. Soon after that LDM appeared, and it looked like just the solution I'd been hoping for. Finally installed and started testing it yesterday. So far it's been fully effective. I wasn't able to restart the daemon after stopping it from the PreferencePane, there was trouble getting "ignore" working on the Attacks pane, and the LDM Internal SMTP Mailer didn't work. I've since rebooted and haven't retested those glitches since I'm happy just to let LDM keep blocking the attackers, which dribble in about once an hour. From a user's standpoint, LDM is a simple, clean design and implementation. Destructive critics who spam VT reviews should be ignored -- don't feed them and they'll starve and die. Good work, Moose!

It's by the… - Version: 10.1 2A52, 3/1/2002 08:31AM PST

RAngol

Moose = gotta be good.

Very well done!… - Version: 10.1 2A45, 2/23/2002 01:23PM PST

bradfreeman

And they have many other cool products available at their website! I will buy LDM and others on payday.