Geoff,

        That's exactly the method that was mentioned earlier... The solution
they have proposed is designed to work in conjunction with the Microsoft
patch to block the Code Red HTTP GET requests at a network ingress point. It
looks for keywords and blocks if it finds a match. Here is an example:

Router(config)#class-map match-any http-hacks
Router(config-cmap)#match protocol http url "*default.ida*"
Router(config-cmap)#match protocol http url "*cmd.exe*"
Router(config-cmap)#match protocol http url "*root.exe*"

This is obviously not foolproof, but does the job for the most part....

Santosh Koshy
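
[Added example, not part of the original post: the class-map above only classifies traffic, so this sketch adds a policy-map that marks the matching packets and an ACL that drops the marked packets. The policy-map name, the DSCP value 1, ACL number 105 and both interface names are assumptions chosen for illustration.]

```cisco
! Added example. Policy-map name, DSCP value, ACL number and interface
! names are assumptions; only the class-map lines come from the post.
!
! NBAR depends on CEF being enabled (as noted in the thread).
ip cef
!
! Classify: HTTP requests whose URL contains one of the Code Red keywords.
class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
! Mark: tag matching packets with a DSCP value assumed to be unused
! by any legitimate traffic on this network.
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
! Apply the marking policy inbound on the Internet-facing interface.
interface Serial0/0
 service-policy input mark-inbound-http-hacks
!
! Drop: deny any packet carrying the mark, permit everything else.
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
! Apply the drop ACL outbound on the interface facing the web servers.
interface Ethernet0/1
 ip access-group 105 out
```

The match counters in `show policy-map interface Serial0/0` and the hit counts in `show access-lists 105` indicate whether requests are being classified and dropped.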

"Geoff Zinderdine" wrote in message news:[EMAIL PROTECTED]...
> There is no method sufficiently granular to stop Code
> Red or CodeRed II using ACLs without blocking all
> related non-attack traffic... what you really need is
> a stateful firewall that can block http GET requests
> that contain "default.ida".
>
> Geoff Zinderdine
> CCNP MCP CCA
> MTS Communications
>
> --- william gannon  wrote:
> > How would you block code red with CEF and NBAR?
> >
> > On Sun, 5 Aug 2001 19:28:10 -0400, Santosh Koshy
> > wrote:
> >
> > >  Depends on your edge router........ you need a router that supports CEF &
> > >  NBAR (3600, 7000, etc.) with IOS 12.1(5) T or higher
> > >
> > >  Thanks,
> > >  Santosh
> > >
> > >  "Russ Kreigh" wrote in message news:[EMAIL PROTECTED]...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14990&t=14967
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
