[49852] in North American Network Operators' Group
RE: Just an FYI - Apache Worm on the loose
daemon@ATHENA.MIT.EDU (Robert Boyle)
Thu Jul 11 00:35:43 2002
Date: Thu, 11 Jul 2002 00:35:07 -0400
To: nanog@nanog.org
From: Robert Boyle <robert@tellurian.com>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA/zNkI7d3EEm
n3+v5DgN/l8KAAAAQAAAAV+fTTLOtREqSDR6KJfx/MAEAAAAA@isprime.com>
Errors-To: owner-nanog-outgoing@merit.edu
At 06:42 PM 7/10/2002 -0400, Phil Rosenthal wrote:
>If you want to be really proactive... Just filter out port 80, and then
>you can't get hacked...
That's simply not true! The command below will make your IP based network
completely secure from outside attack. You need to issue this command on
all IOS based routers. Start at the edges and work your way into the core
to which you must be connected via some out of band method preferably a
modem connected to the console port.
core# conf t
core(config)# no ip routing
This will secure your network against this Apache worm for sure!
Robert
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Good will, like a good name, is got by many actions, and lost by one." -
Francis Jeffrey
