[c-nsp] ACLS for Virus
Netfortius
netfortius at gmail.com
Sun Sep 17 14:31:28 EDT 2006
I would look for something similar to snort_inline
(http://snort-inline.sourceforge.net/) associated with rules specifically
developed as AV (http://www.bleedingsnort.com/ --> look AV category up on
this site). I have personally used bleedingsnort for just triggering info (I
am not a fan of automated blocking, as I believe clever attackers could use
that as a DOS tool) about viruses, especially when I knew the community
developed signatures (even if imperfect) way before AV vendors had a clue,
but I also know that snort may also have plugins to change third party
firewalls rules on the fly (I have done something like this for a client
using Checkpoint, a few years back), so I am thinking that writing
*Cisco-ACLs-on-the-fly* may have already been attempted. Google around for
these terms (snort inline acl cisco ... ) and let us know what you come up
with ;)
HTH,
Stefan
On Sunday 17 September 2006 11:51, Annu Roopa wrote:
> Hi Folks,
>
> I am trying to find out how ACLs can be implemented on a Cisco GSR or
> 72xx router such that any Virus attack from the ISP side could be
> prevented.
>
> Has anyone done anything similiar ? I am told there are ways to do this,
> but dont find much on CCO or Cisco site. Anyone with pointers ?
>
> Thanks for your help.
>
> Annu
>
>
> ---------------------------------
> Get your email and more, right on the new Yahoo.com
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list