Hi all - haven't seen anyone mention this in the archives for the last
day or so; I hope I'm not rehashing something that's already been discussed.

Our dialup users who have not yet patched their systems with the recent
MS security update are now finding that their machines get shut down
whenever they connect to the Internet; this makes it somewhat difficult
for them to d/l the latest security patch.

Fix I've applied locally has been to add the following to our users file:

   DEFAULT         Service-Type == Framed-User
        Cisco-AVPair += "ip:inacl#5=deny tcp any any eq 4444",
        Cisco-AVPair += "ip:inacl#10=deny tcp any any eq 135",
        Cisco-AVPair += "ip:inacl#15=deny udp any any eq 69",
        Cisco-AVPair += "ip:inacl#98=permit icmp any any",
        Cisco-AVPair += "ip:inacl#99=permit ip any any",
        Fall-Through = Yes

This probably denies more than is necessary, and I don't have any
confirmation yet that it works.  If someone more clueful than I in the
ways of Cisco ACLs and/or this particular worm can help refine this a
bit I'd appreciate it... just whacked it together in an hour based on
stuff found on the net so it may be completely wrong.

And if not, maybe the above is a useful starting point for other folks
in the same boat as us.

                       -Robert Tarrall.-
                       Unix System/Network Admin
                       E.Central/Neighborhood Link

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
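An added check, not from the original post: it models first-match evaluation of the ip:inacl# entries above in Python and runs constructed sample flows through them, so the filter can be verified before it is pushed to the NAS (only the "any any [eq port]" ACE form used in the post is parsed).

```python
import re

# Constructed copy of the Cisco-AVPair values from the users file in the post.
AVPAIRS = [
    "ip:inacl#5=deny tcp any any eq 4444",
    "ip:inacl#10=deny tcp any any eq 135",
    "ip:inacl#15=deny udp any any eq 69",
    "ip:inacl#98=permit icmp any any",
    "ip:inacl#99=permit ip any any",
]

# Only the "<action> <proto> any any [eq <port>]" form is modelled.
ACE_RE = re.compile(
    r"^ip:inacl#(\d+)=(permit|deny)\s+(ip|tcp|udp|icmp)\s+any\s+any(?:\s+eq\s+(\d+))?$"
)


def parse_acl(avpairs):
    """Parse ip:inacl# AV-pairs into (seq, action, proto, dport), ordered by sequence number."""
    entries = []
    for av in avpairs:
        m = ACE_RE.match(av.strip())
        if not m:
            raise ValueError(f"unsupported ACE syntax: {av!r}")
        seq, action, proto, port = m.groups()
        entries.append((int(seq), action, proto, int(port) if port else None))
    return sorted(entries, key=lambda e: e[0])


def evaluate(acl, proto, dport=None):
    """First matching entry wins; no match hits the implicit deny at the end of a Cisco ACL."""
    for _seq, action, aproto, aport in acl:
        if aproto != "ip" and aproto != proto:
            continue
        if aport is not None and aport != dport:
            continue
        return action
    return "deny"


# Constructed sample flows: the three filtered ports plus ordinary traffic.
SAMPLE_FLOWS = [("tcp", 4444), ("tcp", 135), ("udp", 69), ("icmp", None), ("tcp", 80), ("udp", 53)]


def check_filter(avpairs=AVPAIRS, flows=SAMPLE_FLOWS):
    """Return {(proto, dport): action} for each sample flow under the given AV-pairs."""
    acl = parse_acl(avpairs)
    return {flow: evaluate(acl, *flow) for flow in flows}


if __name__ == "__main__":
    for flow, action in check_filter().items():
        print(f"{flow[0]:4} {str(flow[1] or '-'):>5} -> {action}")
```

On a Cisco NAS an ip:inacl# list filters packets arriving from the dialup client, so this confirms an infected user cannot reach those ports outbound; shielding the client's own port 135 from inbound scans would need matching ip:outacl# entries.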
