[c-nsp] ACLS for Virus
Jens Link
lists at quux.de
Sun Sep 17 16:32:02 EDT 2006
Seth Mattinen <sethm at rollernet.us> writes:
> If you know what port/protocol some attack is using, sure, you can apply
> an ACL against that just like any other traffic.
And you probably will block some legitimate traffic. I once spent half a
day troubleshooting a Windows problem just to find out that someone had
configured an ACL to block port 135/tcp on a router to mitigate a
Blaster outbreak. It was the only router in our network I didn't have
access to. (And yes, after that day tcptraceroute is one of the first
tools I use to find such problems).
Jens
--
sage at guug Berlin: http://www.guug.de/lokal/berlin/index.html
http://www.openbc.com/go/invita/4269460