Hi Gents,
Configuration below is mitigating slammer worm attack...but where i have
problem
in this configuration is at the SIZE 4 keyword i dont know if anybody has a
hint
for this? Beside i have gone through several FPM tasks and still come across
this size thing...
load protocol disk0:ip.phdf
load protocol disk0:udp.phdf
!
class-map type stack match-all ip-udp
description "match UDP over IP packets"
match field ip protocol eq 0x11 next udp
!
class-map type access-control match-all slammer
description "match on slammer packets"
match field udp dest-port eq 0x59A
match field ip length eq 0x194
match start l3-start offset 224 size 4 eq 0x04011010
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
