Blocking Code Red and other HTTP Hacks using NBAR

This solution will be posted on CCO in the next day or so and will be referenced in the Cisco's Security Advisory as well.

http://iponeverything.net/CodeRed.html

You comments and thoughts are welcome - My thought is that this solution would really be useful on managed customer prem routers to block both inbound and more effectively outbound sessions to prevent code red infection.

Please feel free to forward to customers. I will follow up with the official CCO release.

Also policing and droping on conformance will work as well.

Regards,

Scott E. Frisby CCIE # 5059
Product Manager - NBAR
Enterprise Solutions Engineering
C i s c o S y s t e m s

Voice: (408) 853-7018
Pager: 1-800-365-4578
Pager: 1-800-796-7363 p1032646
e-mail: [email protected]
e-page: [email protected]