Blocking all access to port 80? ... must be nice to have that much leeway in
what you are able to block.
There are free scanners available to scan entire class-c equivalent network
blocks for vulnerable &/or infected systems ... run
it, then patch/repair/reboot those machines.
Thanks!
TJ
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 15, 2001 4:06
To: [EMAIL PROTECTED]
Subject: Re: Re: CODE RED protection ! ! ! [7:15989]
my company just got hit by code red last week. the only logical thing to
deploy on your routers is to block all access to port 80 in and out of all
the interfaces by ACL.
Unless you have the luxury of running IOS 12.1 and above on all your
routers, you will not be able to use NBAR. Deployed the ACLs onto all
interfaces to control all port 80 traffic.
Use "ip route-cache flow" and "show ip cache flow" on your interfaces to
detect the IP addresses that are propagating http traffic to port 80. You
will have to look out for port 0050 under destination port when you perform
a "show ip cache flow".
Cheers.
----- Original Message -----
From: "Dennis Bailey"
To: [EMAIL PROTECTED]
Sent: Tue, 14 Aug 2001 15:34:19 -0400
Subject: Re: CODE RED protection ! ! ! [7:15989]
Depending upon the router platform you can use NBAR.
I am just really depressed right now because there are costumers getting
involved in our business. I knew I wasn't the only one who liked to get
dressed up but now think of the pressure that there will be with
professionals out there......
""Hamid"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi group
>
> I have some costumers whom I belive are infected with CODE RED. Any ideas
> how I can deny any traffic related to CODE RED on my router?
>
> Thanks
>
> Hamid
--
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
____________________________________________________________________________
____
Check any e-mail over the Web for free at MailBreeze
(http://www.mailbreeze.com)
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16154&t=15989
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
