[c-nsp] ACLS for Virus

Jens Link lists at quux.de
Sun Sep 17 16:32:02 EDT 2006

Seth Mattinen <sethm at rollernet.us> writes:

> If you know what port/protocol some attack is using, sure, you can apply 
> an ACL against that just like anything other traffic. 

And you probably will block some legitimate traffic. I once spend half a
day troubleshooting a Windows problem just to find out that someone had
configured an ACL to block port 135/tcp on a router to mitigate a
Blaster outbreak. It was the only router in our network I didn't had
access to. (And yes, after that day tcptraceroute is on of the first
tools I use to find such problems).

sage at guug Berlin: http://www.guug.de/lokal/berlin/index.html

More information about the cisco-nsp mailing list