nanog mailing list archives
Re: Using NBAR to block Nimda
From: "Randy Benn" <rbenn () clark net>
Date: Wed, 19 Sep 2001 22:25:32 -0400
The basics of using NBAR as an IDS can be found here: http://iponeverything.net/CodeRed.html The page above is specifically for Code Red, but the same technique can be used for blocking many different exploits. Just modify the class map as you like to block Nimda or anything else. Randy ----- Original Message ----- From: "Dan Hollis" <goemon () anime net> To: "Alex Yeung" <alyeung () cisco com> Cc: "Matthew E. Martini" <martini () invision net>; <nanog () merit edu> Sent: Wednesday, September 19, 2001 7:16 PM Subject: RE: Using NBAR to block Nimda
On Wed, 19 Sep 2001, Alex Yeung wrote:Look at the following two URLs and then combine the config: http://www.cisco.com/warp/customer/63/nimda.shtml http://www.cisco.com/warp/customer/63/nbar_acl_codered.shtmlcco login required, thanks anyway -- [-] Omae no subete no kichi wa ore no mono da. [-]
Current thread:
- Using NBAR to block Nimda Matt Martini (Sep 19)
- RE: Using NBAR to block Nimda Alex Yeung (Sep 19)
- RE: Using NBAR to block Nimda Dan Hollis (Sep 19)
- Re: Using NBAR to block Nimda R.P. Aditya (Sep 19)
- Re: Using NBAR to block Nimda Andrew Metcalf (Sep 19)
- RE: Using NBAR to block Nimda Rob Thomas (Sep 19)
- Re: Using NBAR to block Nimda Randy Benn (Sep 19)
- Re: Using NBAR to block Nimda Daniel Senie (Sep 19)
- RE: Using NBAR to block Nimda Dan Hollis (Sep 19)
- RE: Using NBAR to block Nimda Alex Yeung (Sep 19)
- Re: Using NBAR to block Nimda Strata Rose Chalup (Sep 19)