Re: Using NBAR to block Nimda

[Strata Rose Chalup <strata () virtual net>]

I've been collecting the blocking info from today and yesterday's
nanog onto a page:

http://kgate.virtual.net/cgi-bin/wiki.cgi?action=Browse&id=NIMDAWormBlocking

So far:
     snort 
     Squid 
     ipfw ruby script 
     procmail rulesets 
     F5 Big IP 
     Nortel/Alteon topology trap 
     Cisco NBAR 
     Cisco CSS11K, Cisco Content Engine 
     apache (updated w/mod_throttle info) 
     iptable deny 

SRC

Matt Martini wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Does anyone have a comprehensive filter to stop Nimda using Cisco's NBAR?
>
> Matt
>
> __________________________ http://www.invision.net/ _______________________
>
>  Matthew E. Martini, PE        InVision.com, Inc.   (631) 543-1000 x104
>  Chief Technology Officer      matt () invision net    (631) 864-8896 Fax
> _______________________________________________________________________pgp_
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.1i
>
> iQEVAwUBO6ke4GtXn16/JS7ZAQEUoAgAjvwY/fnoJmtmMke03I8uOIxDNUzGqX+e
> sP5L9Fcekg4qKF7Jix4dW+Hk+jZuwp0cSHwRsiGswqIHgHZVjRjliMD4QTjDO4FU
> vYUSKM4nedZhTBjIDlMp3AT9BfLjI1pV1tzYbo2L8otMGdeO3Iv/Ymd+LGZx22Fl
> eNvIOE+LzfipupFcA12AXstJvTH9QZ4Vuzap7ckxzA5NrTXtWphhjiLX0gKqlTsc
> aXp/oL/UfzMps7LiF+my2OsKCBIjyA+mLon0qdS5vs8rGtuES3wADmX/sDF8wuhr
> 9LFpI2VmM5JcrjwwEZIfc5Iq6M4h0so3nfwJDyBh0x5cDlDNimWH6w==
> =+Ucd
> -----END PGP SIGNATURE-----

-- 
========================================================================
Strata Rose Chalup [KF6NBZ]                      strata "@" virtual.net
VirtualNet Consulting                            http://www.virtual.net/
 ** Project Management & Architecture for ISP/ASP Systems Integration **
=========================================================================