Maybe I'm mistaken on this, correct me if I'm wrong, but isn't the Code Red
worm exploiting a buffer overflow on MS Index Server and from there
infecting IIS?

Shouldn't disabling MS Index Server resolve this? Or remove the potential
problem by removing the offending ISAPI filters, or even better, patch it
with the hotfixes available and scan your network with the Code Red scanner
regularly to ensure the problem has actually been addressed.


D

-----Original Message-----
From: Hamid [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 15, 2001 10:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Re: CODE RED protection ! ! ! [7:15989]


Hi

The problem is that I do have web servers on my network; blocking port 80
would stop these web servers.

Hamid
wrote in message news:[EMAIL PROTECTED]...
> My company just got hit by Code Red last week. The only logical thing to
> deploy on your routers is to block all access to port 80 in and out of all
> the interfaces by ACL.
>
> Unless you have the luxury of running IOS 12.1 and above on all your
> routers, you will not be able to use NBAR. Deployed the ACLs onto all
> interfaces to control all port 80 traffic.
>
> Use "ip route-cache flow" and "show ip cache flow" on your interfaces to
> detect the IP addresses that are propagating http traffic to port 80. You
> will have to look out for port 0050 under destination port when you
> perform a "show ip cache flow".
>
> Cheers.
>
> ----- Original Message -----
> From:  "Dennis Bailey"
> To:  [EMAIL PROTECTED]
> Sent: Tue, 14 Aug 2001 15:34:19 -0400
> Subject:  Re: CODE RED protection ! ! ! [7:15989]
> Depending upon the router platform you can use NBAR.
>
>  I am just really depressed right now because there are costumers getting
> involved in our business.  I knew I wasn't the only one who liked to get
> dressed up but now think of the pressure that there will be with
> professionals out there......
>
>
> "Hamid" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi group
> >
> > I have some costumers whom I believe are infected with CODE RED. Any
> > ideas how I can deny any traffic related to CODE RED on my router?
> >
> > Thanks
> >
> > Hamid
> --
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16146&t=15989
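
The check described in the thread (looking for destination port 0050 in "show ip cache flow" output), as an added example that is not part of the original messages: this Python sketch parses pasted flow records and lists internal sources whose TCP port-80 flows reach many distinct destinations. The sample records, the function names and the fan-out threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of "show ip cache flow" flow records (not captured output).
# Pr, SrcP and DstP are printed in hex: Pr 06 = TCP, DstP 0050 = port 80.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.1.1.23       Se0/0         198.51.100.7    06 0C11 0050     3
Fa0/0         10.1.1.23       Se0/0         203.0.113.90    06 0C12 0050     3
Fa0/0         10.1.1.23       Se0/0         192.0.2.44      06 0C13 0050     3
Fa0/0         10.1.1.23       Se0/0         198.51.100.201  06 0C14 0050     3
Fa0/0         10.1.1.40       Se0/0         192.0.2.10      06 0D01 0050    12
Fa0/0         10.1.1.40       Se0/0         192.0.2.10      06 0D02 0050     9
Fa0/0         10.1.1.51       Se0/0         192.0.2.53      11 0401 0035     1
"""

# One flow record: interfaces, dotted-quad addresses, then three hex fields and Pkts.
FLOW = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sport>[0-9A-Fa-f]{4})\s+(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+[KM]?)\s*$"
)

def http_fanout(text, proto=6, dport=80):
    """Map each source IP to the distinct destinations it contacted on proto/dport."""
    fanout = defaultdict(set)
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if not m:
            continue  # column header, summary tables, blank lines
        if int(m["pr"], 16) == proto and int(m["dport"], 16) == dport:
            fanout[m["src"]].add(m["dst"])
    return fanout

def suspected_scanners(text, min_destinations=4):
    """Sources whose port-80 flows reach at least min_destinations distinct hosts.

    The threshold is an assumed value for this sample; tune it per network.
    """
    hits = {s: len(d) for s, d in http_fanout(text).items() if len(d) >= min_destinations}
    return sorted(hits.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for src, n in suspected_scanners(SAMPLE):
        print(f"{src} -> {n} distinct port-80 destinations")
```

Counting distinct destinations rather than raw flows keeps a workstation that repeatedly visits one web server (10.1.1.40 in the sample) off the list.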