thanks for the info.
Richard Tufaro - MCSE - GSEC- CCNA
Network Engineer - Anda Inc.
[EMAIL PROTECTED]
>>> "Dennis H" 09/24 2:42 PM >>>
>From what I've seen each ip attempts 15 know vulnerabilities in IIS.
Normally they scan an address once so trying to block it after the fact will
do you little good and could cause trouble with legitimate traffic. I'd
suggest you create a map class and policy map to block based on url. Here's
a link with the info. It's geared towards code but with a little
modification it'll stop nimda...
http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml
""Richard Tufaro"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> i said 25000 attempts, about 50 ips
>
> >>> "Dennis H" 09/24 11:36 AM >>>
> So you're saying you're going to try to stop over 25000 ips at the
firewall
> or router? Don't you think there might be a better approach? Maybe a
> map-class to stop requests to certain urls perhaps?
>
>
>
> ""Richard Tufaro"" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > we have the same problem. I have over 25000 attempts to compromise
> servers.
> > Guess ill start blocking IP's at the firewall, or router.
> >
> > Richard Tufaro - MCSE - GSEC- CCNA
> > Network Engineer - Anda Inc.
> > [EMAIL PROTECTED]
> >
> > >>> "MJ" 09/24 8:43 AM >>>
> > I recently seen this tool from microsoft called
> > urlscan.
> > This seems to be good tool to save the IIS from the virus attack of
Nimda
> > and code red. But one problem is still there that lot of hackers are
> trying
> > to get in to the server and thus creating lot of traffic and choking up
my
> > leased lines.
> > Well how to combat this ?
> >
> >
> > Mukul
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20935&t=20887
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
