This one is sorta off topic, but I thought I'd ask the world anyway. I
don't know how many users on this list are running production networks,
but even those of you at home are surely seeing the effects of the Code
Red worm. While I know that Cisco has a solution on their site for
dropping http requests that are part of the Code Red attack pattern, it
only runs on IOS routers. (And it works pretty well.) What my question
is most likely is something that Cisco would have to answer, but here
goes:

I'm running several PIX-515UR firewalls, in conjunction with Websense
filtering software. The basic function that is used here is to check the
URL of the http request going through the PIX against the Websense
server database, and either redirect the requestor to a different page,
or drop the connection. I'm wondering two things:

1. Does anyone know if this URL check that passes the request to
Websense is something that is available elsewhere on the PIX? (Meaning
can I code a db/filter app to check the incoming URL requests and drop
packets, rather than the outbound requests?)

2. If the answer to 1 is in the negative, has anyone thought of hooking
a PIX up backwards and filtering inbound URLs with Websense? I don't
know if this will work, as Websense only looks at the site URL, not the
page name, but it's something to look into.

Just thoughts, but I'm curious to hear any responses.

Andras Bellak
Director, WAN Engineering
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17657&t=17657
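
Added example, not part of the original post and not PIX or Websense configuration: a Python sketch of why the site-only check described in question 2 cannot separate Code Red requests from normal traffic to the same server, while a check on the page name and query string can. The threshold, function names, host name and sample request lines are assumptions constructed for illustration.

```python
from itertools import groupby
from urllib.parse import urlsplit

# Extensions served by the IIS Indexing Service ISAPI handler that Code Red hit.
INDEX_EXTENSIONS = (".ida", ".idq")
MIN_FILLER_RUN = 64  # assumed threshold for this example


def longest_run(text):
    """Length of the longest run of one repeated character."""
    return max((len(list(group)) for _, group in groupby(text)), default=0)


def host_only_verdict(host, blocked_hosts):
    """Site-level check: sees the host but not the page name."""
    return "drop" if host.lower() in blocked_hosts else "allow"


def path_aware_verdict(request_line):
    """Inbound check on the request line: page name plus query string."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "drop"  # fail closed on a malformed request line
    target = urlsplit(parts[1])
    if (target.path.lower().endswith(INDEX_EXTENSIONS)
            and longest_run(target.query) >= MIN_FILLER_RUN):
        return "drop"
    return "allow"


# Constructed request lines; the worm-like one carries filler only, no payload.
HOST = "www.example.com"
SAMPLES = {
    "worm_like": "GET /default.ida?" + "N" * 224 + " HTTP/1.0",
    "home_page": "GET /index.html HTTP/1.1",
    "index_query": "GET /search.idq?q=firewall HTTP/1.1",
}


def compare(samples=SAMPLES, host=HOST, blocked_hosts=frozenset()):
    """Return {name: (host_only, path_aware)} for each sample request."""
    return {name: (host_only_verdict(host, blocked_hosts), path_aware_verdict(line))
            for name, line in samples.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:12} host-only={verdicts[0]:5} path-aware={verdicts[1]}")
```

Because every inbound request names the same protected host, the host-only verdict is identical for all three samples; only the path-aware check drops the worm-like line while leaving a short Indexing Service query alone.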