I pick this this up from bugtraq. Contact Kevin Saling at [EMAIL PROTECTED]
for more info.
"Please check with your Cisco SE or contact Cisco TAC _before_ you attempt
to
apply NBAR filtering techniques to your ingress routers. With the volume of
traffic I am seeing at my client sites, NBAR taxes the router cpu's heavily
and will likely result in an unstable router unless you have _serious_
horsepower.
I'm not going to speculate on minimum required horseys for your particular
router because there are too many variables. I will say that one client has
AT&T managed DS3's on 7200's. AT&T refuses to use NBAR to filter for worm
sigs on these routers given current traffic volume. I have escalated this
all the way up to the "product house" manager for the managed service and
they have proven to me beyond reasonable doubt that this will overtax the
router.
I have also spoken to an anonymous source at Cisco who claims that many of
his accounts have tried to use NBAR at the ingress point with varying levels
of success and side effects, but most are deciding it's too unstable.
Your readers would be wise to check with their Cisco contacts first!
...Kevin"
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
West, Karl
Sent: Friday, September 21, 2001 8:40 AM
To: [EMAIL PROTECTED]
Subject: Block Nimda Virus at the router level [7:20692]
Here is a page at Cisco on "How to Protect Your Network
Against the Nimda
Virus" and block it at the network level. Hope this helps.
http://www.cisco.com/warp/public/63/nimda.shtml
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20788&t=20692
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
