You need some type of virus scanning or you will NEVER remove Nimda.... If
you don't clean the machines, it doesn't go away by itself...
-----Original Message-----
From: isamar@isamarmaia.org [mailto:isamar@isamarmaia.org]
Sent: Thursday, January 17, 2002 5:00 AM
To: kevin graham
Cc: cisco-nsp@puck.nether.net
Subject: RE: [nsp] How to block Nimda in PIX or router
Yes. I have a 2948G-L3.
The virus is being spread by disk sharing.
I have a big amount of machines here and talking to Mcafee wouldn't be a
good idea($$). It would be better to solve this through the 2949G-L3, if
possible.
On Wed, 16 Jan 2002, kevin graham wrote:
>
> > It cleans only http traffic, right?
>
> Yes.
>
> > I have a big problem actually. I big network with a
> > central Cisco Switch 2948. Nimda is spread for all the network.
> > How do I filter this internal network traffic to stop NIMDA
dissemination
> > through disk sharing?
>
> Is it being spread via disk sharing, or http running around on the
> internal network? If its actually via CIFS/SMB *shrug* talk to McAfee and
> such ilk.. Otherwise, you'll need a l3 switch (is that a 2948G-L3?) to
> apply those policies (though nbar, if supported at all, will probably
> destroy any of the fixed-config switches with any kind of noteworthy
> utilization).
>
> ..kg..
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:29 EDT