Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
2
Replies

nbar question

vickyrode
Level 1
Level 1

‎03-31-2005 10:15 AM - edited ‎03-02-2019 10:19 PM

Hi,

I'm trying to contain (null0) an infected file (winslogon.exe) from spreading within my customer's network (inter-vlan) and was wondering if

there's a way that I can achieve this via nbar?

Damage is already done..I'm trying to stop the propagation. Is it possible via nbar?

If so any ios recommendation (12.3(4)T?) which will address this w/o breaking anything. The class-map command that I tried is very limited on

a 2621 running 120-7.T image :(

Any pointers will be appreciated.

regards,

/vicky

Labels:
0 Helpful
2 Replies 2

spremkumar
Level 9
Level 9

‎03-31-2005 07:59 PM

hi vikcy

is it possible to sniff out with which port its propagating ? i think blocking out (with ACLS) with the port details would be the best thing which can be done .

Regding ur ios image would suggest to upgrade the latest GD version instead of living with 12.0 one..

Also try to patch ur router up for the well known virus/worms which is again avl out ther in cisco website..

for ios upgradation feature navigator/advisory chek out this link ..

http://tools.cisco.com/Support/Fusion/FusionHome.do

for security adviosry do chek this one..

http://www.cisco.com/en/US/products/products_security_advisories_listing.html

regds

0 Helpful

vickyrode
Level 1
Level 1
In response to spremkumar

‎03-31-2005 08:45 PM

Hi,

i know i can null route it via port but i was wondering if there's a way to do it via filename (non-http).

regards,

/vicky

0 Helpful
Customers Also Viewed These Support Documents