From: Frank Kim (frank@xxxxxxxxxxxxx)
Date: Tue Dec 04 2001 - 21:22:29 GMT-3
Folks,
Has anyone actually got NBAR filtering working? I have the below
configured on my router and it doesn't seem to work. This is a config I
copied from one of us in this group a while ago. Also, please advise if
*.exe* is a mime-type. I thought mime-types are something like
Media/Audio....
Here is my config. Thanks for any help.
###############################################################
class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*readme.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*_vti_bin*"
 match protocol http url "*_mem_bin*"
 match protocol http url "*.eml*"
 match protocol http url "*.exe*"
 match protocol http mime ".exe"
 match protocol http mime ".pif"
 match protocol http mime ".scr"
!
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
interface FastEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 100 1
 no ip route-cache distributed
 full-duplex
 service-policy input mark-inbound-http-hacks
 no cdp enable
!
access-list 100 deny ip any any dscp 1 log
access-list 100 permit ip any any
##############################################
-Frank
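An added example, not part of Frank's post and not Cisco code: the class-map above re-implemented as a small Python classifier and run over a handful of constructed HTTP request records, so you can see which of the posted patterns fire on which requests and what access-list 100 would then do with the marked packet. Two assumptions are made here: the NBAR "url" patterns are treated as shell-style globs over the request path (the posted patterns only use "*", so fnmatch is a fair stand-in), and the "mime" patterns are compared against the response Content-Type header value, which is the field NBAR's mime match looks at. Real Content-Type values have the type/subtype shape (text/html, application/octet-stream), which is why the three ".exe"/".pif"/".scr" mime lines never fire on the samples below.

```python
"""
Added example (not from the original post, not Cisco's code).

Re-implements the 'class-map match-any http-hacks' from the post as a
classifier and runs it over constructed HTTP request records.

Assumptions (labelled as such):
  * NBAR 'url' patterns behave like shell globs over the request path,
    so '*' is the only wildcard that matters here (fnmatch semantics).
  * NBAR 'mime' patterns are matched against the HTTP response's
    Content-Type header value.
"""
from fnmatch import fnmatchcase

# Patterns copied verbatim from the posted class-map.
URL_PATTERNS = [
    "*default.ida*", "*.ida*", "*cmd.exe*", "*readme.exe*", "*root.exe*",
    "*_vti_bin*", "*_mem_bin*", "*.eml*", "*.exe*",
]
MIME_PATTERNS = [".exe", ".pif", ".scr"]

# 'set ip dscp 1' in the policy-map; ACL 100 denies and logs dscp 1.
HACK_DSCP = 1


def matching_url_patterns(path):
    """Return every 'url' pattern that fires on this request path."""
    return [p for p in URL_PATTERNS if fnmatchcase(path, p)]


def matching_mime_patterns(content_type):
    """Return every 'mime' pattern that fires on this Content-Type value."""
    return [p for p in MIME_PATTERNS if fnmatchcase(content_type, p)]


def classify(path, content_type=""):
    """Emulate class-map match-any: any single hit puts the flow in
    'http-hacks'; the policy-map then sets DSCP 1 and ACL 100 drops+logs."""
    hits = matching_url_patterns(path) + matching_mime_patterns(content_type)
    if hits:
        return {"class": "http-hacks", "dscp": HACK_DSCP,
                "acl_action": "deny+log", "matched": hits}
    return {"class": "class-default", "dscp": 0,
            "acl_action": "permit", "matched": []}


# Constructed sample traffic (not captured data): two worm-style probes,
# a normal page, and a legitimate .exe download to show collateral matches.
SAMPLE_REQUESTS = [
    ("/default.ida?NNNNNNNN", "text/html"),
    ("/scripts/root.exe?/c+dir", "text/html"),
    ("/index.html", "text/html"),
    ("/downloads/setup.exe", "application/octet-stream"),
]


def run_samples():
    """Classify each sample and return the per-request verdicts."""
    results = []
    for path, ctype in SAMPLE_REQUESTS:
        verdict = classify(path, ctype)
        results.append((path, verdict))
        print(f"{path:28} {ctype:26} -> {verdict['class']:14} "
              f"{verdict['acl_action']:9} {verdict['matched']}")
    return results


if __name__ == "__main__":
    run_samples()
```

Running it shows the side of the class-map that matters for a defender: "*.exe*" on the URL line catches the worm probe but also any legitimate executable download on the site, and the mime lines contribute nothing because ".exe" is a filename suffix, not a Content-Type value; if mime matching is wanted, the pattern has to look like the header value the server actually sends.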
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:37 GMT-3