RE: Re: CODE RED protection ! ! ! [7:15989]

Wed, 15 Aug 2001 00:54:28 -0700 

have your check this link


http://www.cisco.com/warp/public/63/ts_codred_worm.shtml

Thanks

Erwin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, August 15, 2001 3:06 PM
To: [EMAIL PROTECTED]
Subject: Re: Re: CODE RED protection ! ! ! [7:15989]


my company just got hit by code red last week. the only logical thing to
deploy on your routers is to block all access to port 80 in and out of all
the interfaces by ACL.

Unless you have the luxury of running IOS 12.1 and above on all your
routers, you will not be able to use NBAR. Deployed the ACLs onto all
interfaces to control all port 80 traffic.

Use "ip route-cache flow" and "show ip cache flow" on your interfaces to
detect the IP addresses that are propagating http traffic to port 80. You
will have to look out for port 0050 under destination port when you perform
a "show ip cache flow".

Cheers.

----- Original Message -----
From:  "Dennis Bailey"
To:  [EMAIL PROTECTED]
Sent: Tue, 14 Aug 2001 15:34:19 -0400
Subject:  Re: CODE RED protection ! ! ! [7:15989]
Depending upon the router platform you can use NBAR.

 I am just really depressed right now because there are costumers getting
involved in our business.  I knew I wasn't the only one who liked to get
dressed up but now think of the pressure that there will be with
professionals out there......


""Hamid""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi group
>
> I have some costumers whom I belive are infected with CODE RED. Any ideas
> how I can deny any traffic related to CODE RED on my router?
>
> Thanks
>
> Hamid
--
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

____________________________________________________________________________
____
Check any e-mail over the Web for free at MailBreeze
(http://www.mailbreeze.com)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16142&t=15989
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to