Home page logo
/

nanog logo nanog mailing list archives

Re: Using NBAR to block Nimda
From: "Randy Benn" <rbenn () clark net>
Date: Wed, 19 Sep 2001 22:25:32 -0400


The basics of using NBAR as an IDS can be found here:
http://iponeverything.net/CodeRed.html

The page above is specifically for Code Red, but the same technique can be
used for blocking many different exploits.  Just modify the class map as you
like to block Nimda or anything else.

Randy


----- Original Message -----
From: "Dan Hollis" <goemon () anime net>
To: "Alex Yeung" <alyeung () cisco com>
Cc: "Matthew E. Martini" <martini () invision net>; <nanog () merit edu>
Sent: Wednesday, September 19, 2001 7:16 PM
Subject: RE: Using NBAR to block Nimda



On Wed, 19 Sep 2001, Alex Yeung wrote:
Look at the following two URLs and then combine the config:
http://www.cisco.com/warp/customer/63/nimda.shtml
http://www.cisco.com/warp/customer/63/nbar_acl_codered.shtml

cco login required, thanks anyway

--
[-] Omae no subete no kichi wa ore no mono da. [-]




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]