Ohhhhhhhhh yeah....didn't notice the mentioned version #. I'm still looking
but not having any luck yet. It may be time to upgrade IOS....
----- Original Message -----
From: "Patrick Ramsey"
To: ;
Sent: Friday, August 24, 2001 9:28 AM
Subject: Re: Code Red ! [7:16950]
> the only problem is that he doesn't have the code to support it.
>
> >>> "Allen May" 08/24/01 10:13AM >>>
> Learn to use the search engine on cisco.com. It's a very valuable tool.
> Searching for
> +"code red" +block
> yielded many results, including this one:
> http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml
>
> Additional Workarounds for Handling "CodeRed" Traffic
>
> Utilize the NBAR feature in supported Cisco IOS Software versions to aid
in
> "Code Red" traffic identification and mitigation. This is discussed in
> detail at http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml This
> workaround is applicable in Cisco IOS Software version 12.1(5)T and later
> for many platforms.
> Classify inbound Code Red traffic with the class-based marking feature in
> IOS.
>
> Router(config)#class-map match-any http-coderedRouter(config-cmap)#match
> protocol http url "*default.ida*"Router(config-cmap)#match protocol http
url
> "*cmd.exe*"Router(config-cmap)#match protocol http url "*root.exe*"
> Mark inbound Code Red traffic with a policy map.
> Once the inbound traffic has been classified as Code Red, it can be marked
> with a specific DSCP. For this example, a decimal value of '1' is used as
it
> is unlikely that any other traffic would be marked with this DSCP.
>
> Router(config)#policy-map
mark-inbound-http-coderedRouter(config-pmap)#class
> http-coderedRouter(config-pmap)#set ip dscp 1
> Apply the service policy to the 'outside' interface so inbound traffic
will
> be marked.
> Router(config)#int e 0/1Router(config-if)#service-policy input
> mark-inbound-http-codered
> Block marked Code Red attempts with an ACL. The ACL will match on the DSCP
> value of '1' that was marked as the Code Red attempt entered in the box.
> Router(config)#access-list 105 deny ip any any dscp 1
> logRouter(config)#access-list 105 permit ip any any
> Apply it outbound on the 'inside' interface where the target web servers
> are.
> Router(config)#int e 0/1Router(config-if)#ip access-group 105 out
>
> ----- Original Message -----
> From: "shella kevin"
> To:
> Sent: Friday, August 24, 2001 6:21 AM
> Subject: Re: Code Red ! [7:16950]
>
>
> > Hey, experts ............ any comments ? I thought i will get some info
> > on code red here ..... but looks like nothing !
> >
> > shella
> >
> > >From: "shella kevin" >Reply-To: "shella kevin" >To:
[EMAIL PROTECTED]
> > >Subject: Code Red ! [7:16950] >Date: Thu, 23 Aug 2001 04:55:48 -0400 >
> > >I am using cisco7200 series router with Version 12.0(9)S, is there
> > >anyway I can stop/block Code Red on router level ? > > > >Any other
> > suggestions ? > > > >Thanks > >Shella K. >
> >
>------------------------------------------------------------------------
> > > >Get your FREE download of MSN Explorer at http://explorer.msn.com > >
> > misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > ------------------------------------------------------------------------
> >
> > Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17124&t=16950
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
