[40344] in North American Network Operators' Group
Blocking Code Red and other HTTP Hacks using NBAR
daemon@ATHENA.MIT.EDU (Scott Frisby)
Tue Aug 7 13:13:00 2001
From: "Scott Frisby" <sfrisby@cisco.com>
To: <nanog@merit.edu>
Cc: <rbenn@cisco.com>
Date: Tue, 7 Aug 2001 10:16:04 -0700
Message-ID: <NCBBJJMHNMHCKBBLEDPOOEDGBEAB.sfrisby@cisco.com>
Errors-To: owner-nanog-outgoing@merit.edu
This solution will be posted on CCO in the next day or so and will be
referenced in Cisco's Security Advisory as well.
http://iponeverything.net/CodeRed.html
Your comments and thoughts are welcome - My thought is that this solution
would really be useful on managed customer prem routers to block both
inbound and more effectively outbound sessions to prevent Code Red
infection.
Please feel free to forward to customers. I will follow up with the
official CCO release.
Also policing and dropping on conformance will work as well.
Regards,
Scott E. Frisby CCIE # 5059
Product Manager - NBAR
Enterprise Solutions Engineering
C i s c o S y s t e m s
Voice: (408) 853-7018
Pager: 1-800-365-4578
Pager: 1-800-796-7363 p1032646
e-mail: sfrisby@cisco.com
e-page: sfrisby@epage.cisco.com