[42736] in North American Network Operators' Group

Re: Using NBAR to block Nimda

daemon@ATHENA.MIT.EDU (Randy Benn)
Wed Sep 19 22:26:38 2001

Message-ID: <001f01c1417b$871dbb20$1601010a@netpliance>
From: "Randy Benn" <rbenn@clark.net>
To: "Dan Hollis" <goemon@anime.net>, "Alex Yeung" <alyeung@cisco.com>
Cc: "Matthew E. Martini" <martini@invision.net>, <nanog@merit.edu>
Date: Wed, 19 Sep 2001 22:25:32 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


The basics of using NBAR as an IDS can be found here:
http://iponeverything.net/CodeRed.html

The page above is specifically for Code Red, but the same technique can be
used for blocking many different exploits.  Just modify the class map as you
like to block Nimda or anything else.

Randy


----- Original Message -----
From: "Dan Hollis" <goemon@anime.net>
To: "Alex Yeung" <alyeung@cisco.com>
Cc: "Matthew E. Martini" <martini@invision.net>; <nanog@merit.edu>
Sent: Wednesday, September 19, 2001 7:16 PM
Subject: RE: Using NBAR to block Nimda


>
> On Wed, 19 Sep 2001, Alex Yeung wrote:
> > Look at the following two URLs and then combine the config:
> > http://www.cisco.com/warp/customer/63/nimda.shtml
> > http://www.cisco.com/warp/customer/63/nbar_acl_codered.shtml
>
> cco login required, thanks anyway
>
> --
> [-] Omae no subete no kichi wa ore no mono da. [-]
>
>

