PIX ACL for mydoom?

From: Jason Aarons (jaarons@hotmail.com)
Date: Wed Feb 04 2004 - 13:32:01 GMT-3


I am surprised Cisco.com/security doesn't have a "risk mitigation"
notice, i.e. block outbound smtp except from your SMTP server, close
outbound TCP ports, etc. Here is something I am trying at a customer
until they patch/update/scan their computers for mydoom (temp like
Welchia/Nachia). See anything wrong with the ACL?

access-group inside_access_out out interface inside
!
access-list inside_access_out permit tcp 128.100.1.182 any smtp
access-list inside_access_out deny tcp any any eq smtp
access-list inside_access_out deny tcp any any range 3127 3198
access-list inside_access_out permit ip any any
!
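
One way to sanity-check an ACL like the one above before applying it, as an added example that is not part of the original post: a small Python first-match evaluator for a subset of access-list syntax (any, host A, A MASK, eq, range). It assumes the first entry was meant as "host 128.100.1.182 any eq smtp"; the workstation and destination addresses used to exercise it are constructed, and the access-group binding is not modeled.

```python
import ipaddress

PORTS = {"smtp": 25}  # the only named port used in the post
# The post's entries; entry 1 rewritten with `host`/`eq` (assumed intent).
ACL_TEXT = """\
access-list inside_access_out permit tcp host 128.100.1.182 any eq smtp
access-list inside_access_out deny tcp any any eq smtp
access-list inside_access_out deny tcp any any range 3127 3198
access-list inside_access_out permit ip any any"""
ORIGINAL_FIRST = "access-list inside_access_out permit tcp 128.100.1.182 any smtp"

def _addr(tok):  # consume one address spec: 'any', 'host A' or 'A MASK'
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def _port(tok):  # consume an optional destination port: 'eq P' or 'range LO HI'
    num = lambda p: PORTS.get(p) or int(p)
    if not tok:
        return (0, 65535), tok
    if tok[0] == "eq":
        return (num(tok[1]), num(tok[1])), tok[2:]
    if tok[0] == "range":
        return (num(tok[1]), num(tok[2])), tok[3:]
    raise ValueError(f"unexpected token {tok[0]!r}")

def parse(line):  # raises ValueError on anything outside the subset
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry")
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    ports, rest = _port(rest)
    if rest:
        raise ValueError(f"trailing tokens {rest}")
    return tok[2], tok[3], src, dst, ports

def decide(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, s, d, (lo, hi) in acl:
        if p in ("ip", proto) and src in s and dst in d and lo <= dport <= hi:
            return action
    return "deny"

ACL = [parse(l) for l in ACL_TEXT.splitlines()]
```

Calling parse(ORIGINAL_FIRST) raises ValueError, because without "host" the token after the address is read as a mask. The port range entry is tcp only, so UDP traffic to those ports falls through to the final permit.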


This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:46 GMT-3