[c-nsp] ACLS for Virus

Annu Roopa annu_roopa at yahoo.com
Sun Sep 24 09:19:47 EDT 2006


Thanks Tim, that really helps.

As one of you suggested, we are trying to use NBAR to find the ports used by the customer and block the other ports.

Thanks to all who answered.

Annu.

Tim DeVries <tdevries at icsbermuda.com> wrote:
  When I worked for an ISP we had something similar. Common sense port
blocking at the edge or at points of broadband aggregation would be
ports like:

135,137-139 (NetBIOS tcp/udp)
1433, 1434 (SQL)
TFTP
9995
Etc.

There is a list here of commonly used Trojan/virus ports:

http://www.doshelp.com/Ports/Trojan_Ports.htm

but you want to be careful you don't block any legitimate ports. As it
was, we'd occasionally have some clueless admin calling in and wanting
to connect to his SQL server over the open internet. To each their own,
I guess....

Regards,

Tim
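Tim's caveat about not blocking legitimate ports is the part that bites in practice, and Annu's plan is to look at what the customer actually uses (via NBAR) before blocking. As an added example that is not part of the original thread, the script below takes the candidate blocklist from Tim's message, checks it against a constructed sample of observed customer flows, and emits an IOS named extended ACL in which any entry a customer is really using is turned into a remark instead of a deny. The protocol/port mapping for the list (TFTP as udp/69, 9995 as tcp) and the flow-count threshold are assumptions.

```python
"""Build a Cisco IOS edge ACL from a candidate port blocklist, skipping
entries that observed customer traffic shows to be in legitimate use."""
from collections import defaultdict

# Candidate blocklist from the thread: (proto, low port, high port, label).
# Assumed mappings: TFTP -> udp/69, 9995 -> tcp (protocol not stated in thread).
CANDIDATE_BLOCKS = [
    ("tcp", 135, 135, "MS RPC"),
    ("udp", 135, 135, "MS RPC"),
    ("tcp", 137, 139, "NetBIOS"),
    ("udp", 137, 139, "NetBIOS"),
    ("tcp", 1433, 1433, "MS SQL"),
    ("udp", 1434, 1434, "MS SQL resolution"),
    ("udp", 69, 69, "TFTP"),
    ("tcp", 9995, 9995, "listed trojan port"),
]

# Constructed sample of observed customer traffic (what an NBAR/NetFlow
# export would give you): (customer, protocol, destination port, flow count).
OBSERVED_FLOWS = [
    ("cust-a", "tcp", 80, 5400),
    ("cust-a", "tcp", 443, 3100),
    ("cust-b", "tcp", 1433, 42),   # the admin reaching his SQL server over the internet
    ("cust-b", "udp", 53, 900),
    ("cust-c", "udp", 137, 3),     # stray NetBIOS noise, below the threshold
]


def find_conflicts(blocks, flows, min_flows=10):
    """Map each candidate block entry to the customers seen using that port."""
    hits = defaultdict(set)
    for customer, proto, port, count in flows:
        if count < min_flows:
            continue  # ignore background noise and scan traffic
        for block in blocks:
            bproto, lo, hi, _ = block
            if proto == bproto and lo <= port <= hi:
                hits[block].add(customer)
    return dict(hits)


def build_acl(blocks, conflicts, name="EDGE-WORM-FILTER"):
    """Emit IOS named extended ACL lines; conflicting entries become remarks."""
    lines = [f"ip access-list extended {name}"]
    for block in blocks:
        proto, lo, hi, label = block
        match = f"eq {lo}" if lo == hi else f"range {lo} {hi}"
        if block in conflicts:
            who = ",".join(sorted(conflicts[block]))
            lines.append(f" remark SKIPPED {label} {proto}/{lo}-{hi}: in use by {who}")
        else:
            lines.append(f" remark {label}")
            lines.append(f" deny {proto} any any {match}")
    lines.append(" permit ip any any")
    return lines
```

Re-run the check whenever the flow sample is refreshed; a port that was quiet last month may be in legitimate use now.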


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Annu Roopa
Sent: Monday, September 18, 2006 8:31 AM
To: Seth Mattinen
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ACLS for Virus

Hi Seth,

No, I know there is no "deny any any virus" :)). Ok, maybe I was not
clear on the requirements. Let me re-phrase.

What the customer was looking at was to deploy some sort of standard ACLs
which maybe other ISPs have deployed. He wants something dynamic such
that it blocks, out of common sense, some of these. I did not think there
was anything like that but wanted to check what other ISPs did?

Yes, with a known port and protocol # we can easily deploy ACLs, but that
won't be proactive. It would be reactive when we see the attack.

Thanks to others who have responded. Will explore that and come back
with Qs.

Annu

Seth Mattinen wrote:
Annu Roopa wrote:
> Hi Folks,
>
> I am trying to find out how ACLs can be implemented on a Cisco GSR or
> 72xx router such that any virus attack from the ISP side could be
> prevented.
>
> Has anyone done anything similar? I am told there are ways to do
> this, but don't find much on CCO or the Cisco site. Anyone with pointers?
>
> Thanks for your help.

If you know what port/protocol some attack is using, sure, you can apply
an ACL against that just like any other traffic. But no, there
isn't a "deny virus any any" rule, if that's what you mean. =)

-- 
Seth Mattinen sethm at rollernet.us
Roller Network LLC
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/




