I know... but I need to stop the dissemination.
Actually, I clean dozens of machines and tomorrow they are infected
again...
On Thu, 17 Jan 2002, Everett Dowd wrote:
> You need some type of virus scanning or you will NEVER remove Nimda.... If
> you don't clean the machines, it doesn't go away by itself...
>
>
>
> -----Original Message-----
> From: isamar@isamarmaia.org [mailto:isamar@isamarmaia.org]
> Sent: Thursday, January 17, 2002 5:00 AM
> To: kevin graham
> Cc: cisco-nsp@puck.nether.net
> Subject: RE: [nsp] How to block Nimda in PIX or router
>
>
>
> Yes. I have a 2948G-L3.
> The virus is being spread by disk sharing.
> I have a big amount of machines here and talking to Mcafee wouldn't be a
> good idea($$). It would be better to solve this through the 2949G-L3, if
> possible.
>
>
> On Wed, 16 Jan 2002, kevin graham wrote:
>
> >
> > > It cleans only http traffic, right?
> >
> > Yes.
> >
> > > I have a big problem actually. I big network with a
> > > central Cisco Switch 2948. Nimda is spread for all the network.
> > > How do I filter this internal network traffic to stop NIMDA
> dissemination
> > > through disk sharing?
> >
> > Is it being spread via disk sharing, or http running around on the
> > internal network? If its actually via CIFS/SMB *shrug* talk to McAfee and
> > such ilk.. Otherwise, you'll need a l3 switch (is that a 2948G-L3?) to
> > apply those policies (though nbar, if supported at all, will probably
> > destroy any of the fixed-config switches with any kind of noteworthy
> > utilization).
> >
> > ..kg..
> >
>
>
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:00 EDT