Re: Re: CODE RED protection ! ! ! [7:15989]

Wed, 15 Aug 2001 02:01:27 -0700 

Hi

The problem is that I do have web servers on my network, blocking port 80
would stop these web servers .

Hamid
 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> my company just got hit by code red last week. the only logical thing to
> deploy on your routers is to block all access to port 80 in and out of all
> the interfaces by ACL.
>
> Unless you have the luxury of running IOS 12.1 and above on all your
> routers, you will not be able to use NBAR. Deployed the ACLs onto all
> interfaces to control all port 80 traffic.
>
> Use "ip route-cache flow" and "show ip cache flow" on your interfaces to
> detect the IP addresses that are propagating http traffic to port 80. You
> will have to look out for port 0050 under destination port when you
perform
> a "show ip cache flow".
>
> Cheers.
>
> ----- Original Message -----
> From:  "Dennis Bailey"
> To:  [EMAIL PROTECTED]
> Sent: Tue, 14 Aug 2001 15:34:19 -0400
> Subject:  Re: CODE RED protection ! ! ! [7:15989]
> Depending upon the router platform you can use NBAR.
>
>  I am just really depressed right now because there are costumers getting
> involved in our business.  I knew I wasn't the only one who liked to get
> dressed up but now think of the pressure that there will be with
> professionals out there......
>
>
> ""Hamid""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi group
> >
> > I have some costumers whom I belive are infected with CODE RED. Any
ideas
> > how I can deny any traffic related to CODE RED on my router?
> >
> > Thanks
> >
> > Hamid
> --
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
____________________________________________________________________________
____
> Check any e-mail over the Web for free at MailBreeze
> (http://www.mailbreeze.com)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16145&t=15989
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to