RE: Virus attack!!

From: Abraham, Ajith (Ajith.Abraham@xxxxxxxxxx)
Date: Thu Aug 01 2002 - 08:37:35 GMT-3


   
You are blocking only SMTP (if you block port 23, you will not be able
to telnet). Maybe I do not understand your question.

-----Original Message-----
From: Ahmed Al-Ghawas [mailto:ghawas@batelco.com.bh]
Sent: Thursday, August 01, 2002 2:44 AM
To: ccielab@groupstudy.com
Subject: Virus attack!!

Guys,

We have been attacked by a worm that uses IE as an SMTP engine and forwards
itself to any available address book on a user's machine to the default mail
server (in our case it's the Exchange Server).

Therefore, to reduce the load on the Exchange server, and since Outlook
clients do not rely on an SMTP connection to the Exchange server, I have
decided to block all outbound traffic to the server VLAN.

Here is what I did:

Clients are on several VLANS 1-20
Server is on VLAN2

Interface VLAN2
ip address x.x.x.x
ip access-group 111 out
!
access-list 111 deny tcp any host x.x.x.x eq smtp log
(Where x.x.x.x is the Exchange Server IP address)
access-list 111 permit IP any any

After applying the list I was still able to telnet from other VLANS to
port 25 on the Exchange Server!!!
I even tried using an inbound access list on the client VLANS, but with no
luck. However, the permit statement matches several packets!

The router is an MSFC on a 6550 CAT Switch

Any help would be much appreciated
Thanks,
Ahmed


