08-20-2001 08:45 AM - edited 02-20-2020 09:49 PM
Is there any way to block Code Red worm on PIX just as it can be done on Cisco IOS?
08-23-2001 03:32 PM
There are a number of Code Red work resources posted at http://www.cisco.com/warp/public/63/codered_index.shtml that you should find useful. I have also learned of another document that will be published shortly that discusses (among other things) the ability of stateful packet filter firewalls (i.e. Cisco PIX Firewall) to help block the adverse affects of the two versions of the worm.
In the meantime, please carefully review the documents at http://www.cisco.com/warp/public/63/codered_index.shtml and http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
I will post again to this thread when that document is published.
Thank you for posting your question to the forum.
09-18-2001 03:29 PM
Here is another recently published document regarding the Code Red worm worth reading.
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/scdam_wp.htm
09-18-2001 05:28 PM
The PIX can only block by port or IP address so I don't see how you would block it without blocking access to port 80 completely.
10-04-2001 11:48 AM
My point exactly. I know I can do it on Cisco IOS with class-maps, but how do I do it on PIX?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide