[c-nsp] ACLS for Virus

Annu Roopa annu_roopa at yahoo.com
Mon Sep 18 07:31:02 EDT 2006


Hi Seth,
   
  No i know there is no "deny any any virus" :)) . Ok maybe i was not clear on the requirements. Let me re-phrase.
   
  What customer was looking at, was to deploy some sort of std ACLs which maybe other ISPs have deployed. He wants something dynamic such that it blocks out of common sense some of these. I did not think there was anything like that but wanted to check what other ISPs did ?
   
  Yes, with known port and protocol # we can easily deploy ACLs but that wont be proactive. It would be reactive when we see the attack. 
   
  Thanks to others who have responed. Will explore that and come back with Qs.
   
  Annu

Seth Mattinen <sethm at rollernet.us> wrote:
  Annu Roopa wrote:
> Hi Folks,
> 
> I am trying to find out how ACLs can be implemented on a Cisco GSR or 72xx router such that any Virus attack from the ISP side could be prevented.
> 
> Has anyone done anything similiar ? I am told there are ways to do this, but dont find much on CCO or Cisco site. Anyone with pointers ?
> 
> Thanks for your help.

If you know what port/protocol some attack is using, sure, you can apply 
an ACL against that just like anything other traffic. But no, there 
isn't a "deny virus any any" rule, if that's what you mean. =)

-- 
Seth Mattinen sethm at rollernet.us
Roller Network LLC
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


 			
---------------------------------
Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business.


More information about the cisco-nsp mailing list