Since the original question related to virus and certain ports, etc., here's a good reference to keep an eye on:
http://isc.incidents.org/ You'll notice which ports have the most activity by geographical region (there are marked differences). You can also look at the hyperlinks associated with each of the most frequently attacked ports as well as the links under ISC Analysis to particular exploits that are currently being seen frequently. This may help you with your manager, as it's not necessarily enough to understand what's happening across the router; you may need to know what's happening on the hosts, as well. HTH Annlee ""j k"" wrote in message news:[EMAIL PROTECTED] > hi pple, well the reason why i ask this is because, recently i was told by > my network manager that there is a virus which uses netbios (udp 137, tcp > 138 and tcp 139) as a transport and had acrosses the WAN from a spoke site > to a hub site. And i was told to put an ACL by blocking the above port on > the fastethernet interface, well i was kind of confuse as in, i remember > that netbios arnt routable across the WAN, IF, and i mean IF there is really > such virus uses this ports, they shouldnt be able to traverse to the other > site across the WAN rite?? And when i did some debug ip packet, the udp 136 > and or ofcourse the tcp138 and 139, was captured and dropped! at the > fastethernet interface and TR interface (i had place the ACL on both > fastether and TR) but when i place it on the serial, i dun see any udp 136 > at all!...i jus need some clarification from people at this forum here Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71233&t=71084 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]