03-31-2005 10:15 AM - edited 03-02-2019 10:19 PM
Hi,
I'm trying to contain (null0) an infected file (winslogon.exe) from spreading within my customer's network (inter-vlan) and was wondering if
there's a way that I can achieve this via nbar?
Damage is already done..I'm trying to stop the propagation. Is it possible via nbar?
If so any ios recommendation (12.3(4)T?) which will address this w/o breaking anything. The class-map command that I tried is very limited on
a 2621 running 120-7.T image :(
Any pointers will be appreciated.
regards,
/vicky
03-31-2005 07:59 PM
hi vikcy
is it possible to sniff out with which port its propagating ? i think blocking out (with ACLS) with the port details would be the best thing which can be done .
Regding ur ios image would suggest to upgrade the latest GD version instead of living with 12.0 one..
Also try to patch ur router up for the well known virus/worms which is again avl out ther in cisco website..
for ios upgradation feature navigator/advisory chek out this link ..
http://tools.cisco.com/Support/Fusion/FusionHome.do
for security adviosry do chek this one..
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
regds
03-31-2005 08:45 PM
Hi,
i know i can null route it via port but i was wondering if there's a way to do it via filename (non-http).
regards,
/vicky
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide