Appreciate all efforts. Thanks as usual to the OSL team.
It is simply 'VOLTRON' ! On Wed, Feb 9, 2011 at 8:09 AM, Tyson Scott <[email protected]> wrote: > You guys have to show it working ;). I am glad you posted this guys > because I was not sure. I had to test before commenting. > > > > R2(config-subif)#do sh policy-map int s0/1/0.256 out > > > > Serial0/1/0.256 > > > > Service-policy output: MQC > > > > Class-map: TESTURI (match-all) > > 13 packets, 3743 bytes > > 5 minute offered rate 0 bps, drop rate 0 bps > > Match: protocol http url "(*default\.ida|*cmd\.exe|*root\.exe)" > > drop > > > > Class-map: SECOND (match-any) > > 0 packets, 0 bytes > > 5 minute offered rate 0 bps, drop rate 0 bps > > Match: protocol http url "*default.ida*" > > 0 packets, 0 bytes > > 5 minute rate 0 bps > > Match: protocol http url "default.ida" > > 0 packets, 0 bytes > > 5 minute rate 0 bps > > drop > > > > Class-map: class-default (match-any) > > 447 packets, 48085 bytes > > 5 minute offered rate 3000 bps, drop rate 0 bps > > Match: any > > R2(config-subif)# > > > > It matched when doing tests of cmd.exe root.exe and default.ida > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Managing Partner / Sr. Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Mark Senteza > *Sent:* Tuesday, February 08, 2011 8:02 PM > *To:* Jerome Dolphin > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_Security] NIMDA regex to check !!! > > > > Try > > class-map CMAP_ATTACK > match protocol http url "(*default\.ida|*cmd\.exe|*root\.exe)" > > On Mon, Feb 7, 2011 at 1:14 PM, Jerome Dolphin <[email protected]> > wrote: > > I don't think so - IOS is not expecting a regular expression but rather a > string. > > > http://www.cisco.com/en/US/partner/docs/ios/qos/command/reference/qos_m1.html#wp1058795 > > *match protocol http* [*url* *url-string *...] > > > On Sat, Feb 5, 2011 at 10:45 PM, kamran shakil <[email protected]> > wrote: > > if i have to match strings in URL , is the following correct and does the > same: > > match protocol http url "(.*ida*|(cmd|root).exe)" serves the same > purpose as below: > > > class-map match-any CMAP_ATTACK > match protocol http url "*default.ida*" > match protocol http url "*cmd.exe*" > match protocol http url "*root.exe*" > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
