Blocking Code Red and other HTTP Hacks using NBAR

• Previous message (by thread): fire on MIT campus affecting LCS and W3C
• Next message (by thread): anybody seen this? (POST /PAV_REL HTTP/1.0)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This solution will be posted on CCO  in the next day or so and will be
referenced in the Cisco's Security Advisory as well.

http://iponeverything.net/CodeRed.html

You comments and thoughts are welcome -  My thought is that this solution
would really be useful on managed customer prem routers to block both
inbound and more effectively outbound sessions to prevent code red
infection.
Please feel free to forward to customers.  I will follow up with the
official CCO release.

Also policing and droping on conformance will work as well.

Regards,
Scott E. Frisby CCIE # 5059
Product Manager - NBAR
Enterprise Solutions Engineering
C i s c o  S y s t e m s

Voice: (408) 853-7018
Pager: 1-800-365-4578
Pager: 1-800-796-7363 p1032646
e-mail: sfrisby at cisco.com
e-page: sfrisby at epage.cisco.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20010807/8bad0241/attachment.html>

• Previous message (by thread): fire on MIT campus affecting LCS and W3C
• Next message (by thread): anybody seen this? (POST /PAV_REL HTTP/1.0)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]