Re: Virus Attack and how to tackle it? [7:44936]

Fri, 24 May 2002 03:23:26 -0700 

You look this page from Cisco.

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml


I hope this help.

--
--
 Alfredo Pulido   [EMAIL PROTECTED]
CCDA
 Dept. Sistemas, IdecNet S.A.
 Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria,
 Las Palmas // SPAIN
 Tel: +34 828 111 000   Fax: +34 828 111 112
 http://www.idecnet.com/
--
""a. ahmad""  escribis en el mensaje
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear Members,
>
> 1-We are getting Virus attack message on our proxy(Squid)Machine not only
> from our own IP Pool but also from outside, Please guide how to tackle it
as
> it is constantly chocking our Bandwidth. i.e. one of the virus attack
> message we are getting on our proxy(squid) machine is as under:-
>
> 1022226226.976 5 202.192.204.130 TCP_Miss/503 1210 Get
> http://www/_mem_bin/..%255c../..%255../..%255../winnt/system32/cmd.exe? -
> DIRECT/www -
>
> 1022226228.156 6 202.192.204.130 TCP_Miss/503 1266 Get
>
http://www/msadc/..%255c../..%255c../..%255c../..%c1%1c../..%c1%1c../..%c1%1
c../winnt/system32/cmd.exe? - DIRECT/www -
>
> 1022226229.324 3 202.192.204.130 TCP_Miss/503 1170 Get
> http://www/Scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
>
> 1022226230.625 23 202.192.204.130 TCP_Miss/503 1170 Get
> http://www/Scripts/..%c0%2f../winnt/system32/cmd.exe? - DIRECT/www -
>
> 1022226231.841 8 202.192.204.130 TCP_Miss/503 1170 Get
> http://www/Scripts/..%c0%af../winnt/system32/cmd.exe? - DIRECT/www -
>
>
............................................................................
...................................................etc etc
>
> 2- we want to trace that which IP's are utilizing our maximum bandwidtth
so
> that we can limit that trafiic accordingly in order to get Maximum
efficiency?
>
> Thank you in advance!
> Ahmad




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44939&t=44936
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to