RE: NBAR for Security Filtering [bcc][faked-from]

From: marvin greenlee (marvin@ccbootcamp.com)
Date: Wed Dec 15 2004 - 16:06:16 GMT-3


The drop keyword is a more recent addition to the IOS 12.2(13)T.

- Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Lord, Chris
Sent: Wednesday, December 15, 2004 10:48 AM
To: Group Study
Subject: NBAR for Security Filtering [bcc][faked-from]
Importance: Low

I was wondering whether anybody has read Deal's "Cisco Router Firewall
Security" book - section on using NBAR to filter attacks.

The method prescribed is to craft a policy map on the inbound interface
using NBAR to detect dangerous traffic (e.g. Code Red urls), mark
matching packets with a dscp value and then use an acl on the outbound
interface to detect the dscp value and deny the traffic.

Why not just drop the packets in the first place using the inbound
policy-map instead of letting it traverse the router first??

Any views out there on this??

TIA

Chris.

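Worked configuration for both approaches discussed in the thread: the mark-inbound / deny-outbound method Chris describes from Deal's book, and the in-policy `drop` action Marvin points to (IOS 12.2(13)T and later). This is an added example, not text from either poster or from the book. The interface names, class and policy names, and the DSCP value 1 are placeholders chosen for illustration; the Code Red URL patterns are the ones used in Cisco's published NBAR Code Red mitigation example.

```cisco
! Added example, not from the thread. Interface names, class/policy names
! and the DSCP value 1 are placeholders. NBAR requires CEF switching.
ip cef
!
! Classify HTTP requests whose URL carries the Code Red worm strings
! (patterns as in Cisco's published NBAR Code Red example).
class-map match-any CODE-RED
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
! --- Method 1 (the book's approach): mark inbound, deny outbound -------
policy-map MARK-ATTACKS
 class CODE-RED
  set ip dscp 1
!
interface FastEthernet0/0
 description untrusted (inbound) side
 service-policy input MARK-ATTACKS
!
! Deny anything still carrying the DSCP 1 mark as it leaves the router.
ip access-list extended DROP-MARKED
 deny ip any any dscp 1
 permit ip any any
!
interface FastEthernet0/1
 description protected (outbound) side
 ip access-group DROP-MARKED out
!
! --- Method 2 (12.2(13)T and later): drop in the inbound policy ---------
! An interface direction takes only one service-policy, so this replaces
! MARK-ATTACKS rather than being combined with it.
policy-map DROP-ATTACKS
 class CODE-RED
  drop
!
interface FastEthernet0/0
 no service-policy input MARK-ATTACKS
 service-policy input DROP-ATTACKS
!
! Verify classification and drop counters:
! show policy-map interface FastEthernet0/0
```

Two practical differences between the methods: with Method 1 the matched packet is still routed, and it is only discarded on interfaces that carry the DSCP ACL, so every egress interface needs the ACL or marked traffic leaks through; and the ACL denies any packet that arrives with DSCP 1 already set, whether or not NBAR matched it, so the chosen value must be one that legitimate inbound traffic never uses. Method 2 discards the packet at ingress and has neither issue, which is why it is the simpler choice on an IOS release that supports the `drop` action.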



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:27 GMT-3