Re: Re: CODE RED protection ! ! ! [7:15989]

Wed, 15 Aug 2001 03:11:32 -0700 

There are a couple links that discuss how do this but require features like
NBAR to be sucessful.  However, I do not see a link anywhere in this reply,
so here goes.

http://www.iponeverything.net/CodeRed.html
http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml

Hope those help.

-- Kevin

> Hi
>
> The problem is that I do have web servers on my network, blocking port
> 80 would stop these web servers .
>
> Hamid
> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> my company just got hit by code red last week. the only logical thing
>> to deploy on your routers is to block all access to port 80 in and out
>> of all the interfaces by ACL.
>>
>> Unless you have the luxury of running IOS 12.1 and above on all your
>> routers, you will not be able to use NBAR. Deployed the ACLs onto all
>> interfaces to control all port 80 traffic.
>>
>> Use "ip route-cache flow" and "show ip cache flow" on your interfaces
>> to detect the IP addresses that are propagating http traffic to port
>> 80. You will have to look out for port 0050 under destination port
>> when you
> perform
>> a "show ip cache flow".
>>
>> Cheers.
>>
>> ----- Original Message -----
>> From:  "Dennis Bailey"
>> To:  [EMAIL PROTECTED]
>> Sent: Tue, 14 Aug 2001 15:34:19 -0400
>> Subject:  Re: CODE RED protection ! ! ! [7:15989]
>> Depending upon the router platform you can use NBAR.
>>
>>  I am just really depressed right now because there are costumers
>>  getting
>> involved in our business.  I knew I wasn't the only one who liked to
>> get dressed up but now think of the pressure that there will be with
>> professionals out there......
>>
>>
>> ""Hamid""  wrote in message
>> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> > Hi group
>> >
>> > I have some costumers whom I belive are infected with CODE RED. Any
> ideas
>> > how I can deny any traffic related to CODE RED on my router?
>> >
>> > Thanks
>> >
>> > Hamid
>> --
>> FAQ, list archives, and subscription info:
>> http://www.groupstudy.com/list/cisco.html
>> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>>
>>
>
____________________________________________________________________________
> ____
>> Check any e-mail over the Web for free at MailBreeze
>> (http://www.mailbreeze.com)
> Nondisclosure violations to [EMAIL PROTECTED]


--------------------
understand, v.:
To reach a point, in your investigation of some subject, at which
you cease to examine what is really present, and operate on the basis of
your own internal model instead.

-----------------------------------------
This email was sent using SquirrelMail.
   "Webmail for nuts!"
http://squirrelmail.org/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16148&t=15989
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to