nanog mailing list archives

Blocking Code Red and other HTTP Hacks using NBAR

From: "Scott Frisby" <sfrisby () cisco com>
Date: Tue, 7 Aug 2001 10:16:04 -0700

This solution will be posted on CCO  in the next day or so and will be
referenced in the Cisco's Security Advisory as well.

http://iponeverything.net/CodeRed.html

You comments and thoughts are welcome -  My thought is that this solution
would really be useful on managed customer prem routers to block both
inbound and more effectively outbound sessions to prevent code red
infection.
Please feel free to forward to customers.  I will follow up with the
official CCO release.

Also policing and droping on conformance will work as well.

Regards,
Scott E. Frisby CCIE # 5059
Product Manager - NBAR
Enterprise Solutions Engineering
C i s c o  S y s t e m s

Voice: (408) 853-7018
Pager: 1-800-365-4578
Pager: 1-800-796-7363 p1032646
e-mail: sfrisby () cisco com
e-page: sfrisby () epage cisco com

Current thread:

Blocking Code Red and other HTTP Hacks using NBAR Scott Frisby (Aug 07)