Code Red - and its workarounds with NBAR

From: Henry (henryd31@xxxxxxxx)
Date: Tue Aug 14 2001 - 01:41:40 GMT-3

Guys,

Sorry if this is off topic here. I think this is within our studying
depth, but if not, then I apologize ahead of time before someone decides
on unneeded criticism.

Anyway, I need to change a bit the example from Cisco's web site to
prevent Code Red spreading through the routers by using NBAR.

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml

And here is what I'm trying to do.

class-map match-any http-hacks
  match protocol http url "*default.ida*"
  match protocol http url "*x.ida*"
  match protocol http url "*.ida*"
  match protocol http url "*cmd.exe*"
  match protocol http url "*root.exe*"
class-map match-any normal-traffic
  match any
!
!
policy-map drop-inbound-http-hacks
  class http-hacks
     police 10000 1000 1000 conform-action drop exceed-action drop violate-action drop
  class normal-traffic
     police 10000000 10000 10000 conform-action transmit exceed-action transmit

Simply speaking, I'm trying to bypass the marking of the packets (with
either DSCP or Precedence), as they are already identified by the class
map http-hacks, and enforce the policing right in the first policy-map.
One of the reasons I'm trying to do this is that I don't want to upgrade to
their recommended IOS version >=12.1.5T. I'm running 12.0.18S Service
Provider version currently. All this looks good, but I'm not sure whether
it will work properly if I implement this. I can't test it; not much time
left before I have to implement something there.

Any ideas as to whether this should work, or someone implemented it
would be greatly appreciated.

Thanks and sorry for OT.
**Please read:http://www.groupstudy.com/list/posting.html
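As an added illustration (not part of Henry's post or of Cisco's example), the following Python applies the same URL globs used by the class-map http-hacks above to constructed web server log lines, so a defender can see which requests that class would have caught and which pattern fires first. The common-log-format layout, the sample addresses and the request URLs are assumptions made for the example.

```python
"""Apply the post's NBAR-style URL globs to web server log lines (added example)."""
import fnmatch
import re
from typing import List, Optional, Tuple

# The same patterns, in the same order, as the class-map http-hacks in the post.
# NBAR 'match protocol http url' globs: '*' = any run of characters, '?' = one.
HTTP_HACK_PATTERNS = [
    "*default.ida*",
    "*x.ida*",
    "*.ida*",
    "*cmd.exe*",
    "*root.exe*",
]

# Compile each glob into a regex once (fnmatch.translate understands '*' and '?').
_COMPILED = [(p, re.compile(fnmatch.translate(p))) for p in HTTP_HACK_PATTERNS]


def match_url(url: str) -> Optional[str]:
    """Return the first pattern the URL (path + query) matches, or None."""
    for pattern, regex in _COMPILED:
        if regex.match(url):
            return pattern
    return None


# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Aug/2001:01:40:01 -0300] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 0
10.0.0.6 - - [14/Aug/2001:01:40:02 -0300] "GET /index.html HTTP/1.0" 200 1043
10.0.0.7 - - [14/Aug/2001:01:40:03 -0300] "GET /scripts/root.exe HTTP/1.0" 404 0
10.0.0.8 - - [14/Aug/2001:01:40:04 -0300] "GET /winnt/system32/cmd.exe HTTP/1.0" 404 0
10.0.0.9 - - [14/Aug/2001:01:40:05 -0300] "GET /images/logo.gif HTTP/1.0" 200 2220
"""

# client ip, ident, user, [timestamp], "METHOD url protocol"
_REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*"')


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, url, matched_pattern) for each request the class-map would catch."""
    hits = []
    for line in text.splitlines():
        m = _REQUEST_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        ip, _method, url = m.groups()
        pattern = match_url(url)
        if pattern is not None:
            hits.append((ip, url, pattern))
    return hits
```

Note that `*.ida*` already covers the two patterns listed before it, so in a match-any class the order only changes which pattern gets reported, not what is caught.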



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:50 GMT-3