On Tue, 5 Feb 2002, Eric Daigneault wrote:

> Hi again,
>
> Do you have any tips about how I can block those without using IPTABLES...
>
> I did try yesterday, and the impact is way too big, the access speed went
> down like hell :-( ! So if anyone has another solution?
>

If you have a Cisco 2600 or larger, 12.1 or newer, enable CEF and do the
following policy routing. Clunky, but it works:

! Classify HTTP requests whose URL contains any of these strings
! (match-any: one matching line is enough to put a packet in the class)
class-map match-any iissucks
  match protocol http url "*cmd.exe*"
  match protocol http url "*.ida*"
  match protocol http url "*root.exe*"
  match protocol http url "*mem_bin*"
  match protocol http url "*vti_bin*"
  match protocol http url "*msadc*"
  match protocol http url "*winnt*"
!
! Mark everything in that class with DSCP 1 so the ACL below can see it
policy-map mark-http-crap
  class iissucks
    set ip dscp 1
!
! Drop (and log) the marked packets, pass everything else
access-list 131 deny ip any any dscp 1 log
access-list 131 permit ip any any

Outside interface:
  service-policy input mark-http-crap

Inside interface:
  ip access-group 131 out

------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
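As an added example, not part of the original thread or of anyone's router config, the script below reproduces the same match-any URL classification and the DSCP-mark-then-ACL decision in Python, run against a few constructed web-server log lines, so the patterns can be checked offline before they are pushed to a router. It assumes the "*" in the class-map behaves as a glob wildcard and that matching is case-sensitive; the log lines and client addresses are made up for the example.

```python
"""Offline check of the class-map/ACL logic from the thread above.

Added example: mirrors the router config, it is not IOS code.
Assumes "*" is a glob wildcard and matching is case-sensitive.
"""
import fnmatch
import re
from typing import List, Optional, Tuple

# The URL globs from the class-map, verbatim.
URL_PATTERNS = [
    "*cmd.exe*",
    "*.ida*",
    "*root.exe*",
    "*mem_bin*",
    "*vti_bin*",
    "*msadc*",
    "*winnt*",
]

# Constructed Apache-style access log lines for the example (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Feb/2002:10:01:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.11 - - [05/Feb/2002:10:01:03 +0000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX%u9090 HTTP/1.0" 400 0
192.0.2.12 - - [05/Feb/2002:10:01:04 +0000] "GET /index.html HTTP/1.1" 200 1532
192.0.2.13 - - [05/Feb/2002:10:01:05 +0000] "GET /_vti_bin/shtml.dll HTTP/1.1" 200 0
192.0.2.14 - - [05/Feb/2002:10:01:06 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 276
192.0.2.15 - - [05/Feb/2002:10:01:07 +0000] "POST /cgi-bin/form HTTP/1.1" 200 88
"""

# Client address, then the quoted request line: METHOD URL HTTP/x.y
_REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+"')


def parse_request(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (client, method, url) for one log line, or None if unparseable."""
    m = _REQUEST_RE.match(line)
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)


def match_url(url: str) -> List[str]:
    """Every class-map pattern the URL matches, in class-map order.

    The class-map is match-any, so one hit is enough; returning all hits
    shows which lines actually fire (and whether some are redundant).
    """
    return [p for p in URL_PATTERNS if fnmatch.fnmatchcase(url, p)]


def dscp_for(url: str) -> int:
    """policy-map mark-http-crap: class iissucks -> set ip dscp 1, else 0."""
    return 1 if match_url(url) else 0


def acl_131(dscp: int) -> str:
    """access-list 131: deny (and log) dscp 1, permit everything else."""
    return "deny" if dscp == 1 else "permit"


def decide(url: str) -> str:
    """End-to-end result for one request URL: 'deny' or 'permit'."""
    return acl_131(dscp_for(url))


def classify_log(text: str) -> List[Tuple[str, str, Optional[str]]]:
    """(client, url, first matching pattern or None) per parseable line."""
    out = []
    for line in text.splitlines():
        parsed = parse_request(line)
        if parsed is None:
            continue  # not a request line; the router would never see it as HTTP
        client, _method, url = parsed
        hits = match_url(url)
        out.append((client, url, hits[0] if hits else None))
    return out


if __name__ == "__main__":
    for client, url, pattern in classify_log(SAMPLE_LOG):
        print(f"{client:<14} {decide(url):<6} {pattern or '-':<12} {url}")
```

Note that "*vti_bin*" also matches the FrontPage extensions path in the fourth line, which a legitimate client may use; run the patterns over a day of real logs before turning on the deny so you know what else they will catch.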