Hi,

The link below shows how a Cisco router can protect the network from Nimda sort of viruses, which contain most of the attacks on cmd.exe, with network based application recognition. That's not all, it recognizes many HTTP based attacks.

http://www.cisco.com/warp/public/63/nimda.shtml

Details on network based application recognition can be obtained from the link below:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/nbar2e.htm

Regards,
Vishal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steve Moore
Sent: Wednesday, May 01, 2002 9:34 AM
To: [EMAIL PROTECTED]
Subject: catching cmd.exe

Is there a way to filter all HTTP requests at port 80 that include the 'cmd.exe' directive? I would prefer to simply reject these packets at the router level. The router in question allows compares of packet data, but the instructions on use are rather cryptic (including masks and hex offsets).

Alternatively, perhaps there is an intrusion detection system that could catch this? I need an NT solution.

Thanks in advance
Steve Moore

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
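
An added example, not part of the thread and not Cisco's NBAR code: the URL matching the question asks about, applied to HTTP request lines, with repeated percent-decoding and case folding so that encoded or upper-case spellings of `cmd.exe` are caught where a plain substring compare would miss them. The sample request lines, the function names and the three-round decode limit are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines for illustration, not captured traffic.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /scripts/cmd.exe HTTP/1.0",
    "GET /scripts/CMD.EXE HTTP/1.0",
    "GET /scripts/cmd%2eexe HTTP/1.0",     # '.' percent-encoded once
    "GET /scripts/cmd%252eexe HTTP/1.0",   # '.' percent-encoded twice
    "GET /download/cmdexe.html HTTP/1.0",  # benign look-alike
    "BADLINE",                             # malformed, no URI field
]

PATTERN = re.compile(r"cmd\.exe")


def normalize(uri, max_rounds=3):
    """Percent-decode until stable (bounded), then lower-case."""
    for _ in range(max_rounds):
        decoded = unquote(uri, errors="replace")
        if decoded == uri:
            break
        uri = decoded
    return uri.lower()


def is_suspicious(request_line):
    """True if the URI field of 'METHOD URI VERSION' names cmd.exe."""
    parts = request_line.split()
    if len(parts) < 2:
        return False  # malformed line: nothing to inspect
    return PATTERN.search(normalize(parts[1])) is not None


def scan(lines):
    """Return the request lines that reference cmd.exe after normalization."""
    return [line for line in lines if is_suspicious(line)]


def missed_by_plain_match(lines):
    """Lines the normalized check flags but a raw 'cmd.exe' compare misses."""
    return [line for line in scan(lines) if "cmd.exe" not in line]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("ALERT", hit)
    print("plain compare would miss:", missed_by_plain_match(SAMPLE_REQUESTS))
```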
