[44042] in North American Network Operators' Group
Nimba Question.
daemon@ATHENA.MIT.EDU (Gyorfy, Shawn)
Thu Nov 1 12:12:02 2001
Message-ID: <ED659EFBBAB8D511AE3E00508BD9392B0B87E0@EXNY1>
From: "Gyorfy, Shawn" <sgyorfy@elinkny.com>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Thu, 1 Nov 2001 12:12:07 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C162F8.55E35DA0"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C162F8.55E35DA0
Content-Type: text/plain
Hey what's going on?
Question for you all. We are a BLEC, we give each building a T1 and router
and back haul the circuit to our NOC were we distribute the packets to our
service providers. The problem I see, some of our clients in the building,
there computers are infected with the NIMBA virus / Code Red. I get emailed
from firewall administrators about the possible port scan, and then I
disconnect the customer until he updates his servers and cleans them. I was
wondering if I can do anything on my end to prevent the Nimba going out on
my end. I have been reading about Cisco's NBAR feature with class maps but
I don't want to put that on the core because it will kill the box (Cisco 10K
ESR, (2) 7507, (2) 7206). Plus cisco stated that it can only hand 24
concurrent web hits. So that's out. I was also thinking about putting that
on the building routers but 75% aren't Cisco, they are Lucent Access Points.
Any suggestions would be appreciated.
shawn.
------_=_NextPart_001_01C162F8.55E35DA0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C162CE.26D89E00">
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Hey what's going on?<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Question for you =
all.</span></font></span><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'><span
style=3D'mso-spacerun:yes'> </span>We are a BLEC, we give each =
building a
T1 and router and back haul the circuit to our NOC were we distribute =
the
packets to our service providers. <span =
style=3D'mso-spacerun:yes'> </span>The
problem I see, some of our clients in the building, there computers are
infected with the NIMBA virus / Code Red.<span =
style=3D'mso-spacerun:yes'>
</span>I get emailed from firewall administrators about the possible =
port scan,
and then I disconnect the customer until he updates his servers and =
cleans
them.<span style=3D'mso-spacerun:yes'> </span>I was wondering if =
I can do
anything on my end to prevent the <span class=3DSpellE>Nimba</span> =
going out on
my end. <span style=3D'mso-spacerun:yes'> </span>I have been =
reading about
Cisco's NBAR feature with class maps but I don't want to put that
on the core because it will kill the box (Cisco 10K ESR, (2) 7507, (2) =
7206). <span
style=3D'mso-spacerun:yes'> </span>Plus <span =
class=3DSpellE>cisco</span>
stated that it can only hand 24 concurrent web hits. So that's =
out.<span
style=3D'mso-spacerun:yes'> </span>I was also thinking about =
putting that
on the building routers but 75% aren't Cisco, they are Lucent Access =
Points.<span
style=3D'mso-spacerun:yes'> </span>Any suggestions would be =
appreciated.<span
style=3D'mso-spacerun:yes'> </span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><span class=3DSpellE><span class=3DGramE><font =
size=3D2
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>shawn</span></font></span><=
/span><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>. <span
style=3D'mso-spacerun:yes'> </span><o:p></o:p></span></font><=
/p>
</div>
</body>
</html>
------_=_NextPart_001_01C162F8.55E35DA0--
