hi which one is the best solution to resolve this issue: experiencing denial of services attacks using with NBAR
calss-map match-any test match protocol http url "*.ida*" match protocol http url "*cmd.exe*" match protocol http url "*root.exe*" policy-map test class test set dscp 1 int fa0/1 ip nbar protocol-discovery =========> this command is required or not service-policy input test =============== class-map match-any CMAP_ATTACK match protocol http url "*default.ida*" match protocol http url "*cmd.exe*" match protocol http url "*root.exe*" class-map match-all NIMDA match dscp 1 match class CMAP-ATTACK policy-map SOLUTION class NIMDA drop int fa0/1 service-policy input SOLUTION ip nbar protocol-discovery <----------- this command is important or not ??? no sh
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
