W32.Spybot.CF virus restriction through NBAR or QOS
We are currently facing a virus spreading in one of our client networks. The virus is affecting the ATMs and POS machines, where the OS is customized and antivirus cannot be installed. Once we clean the virus from one machine, it comes back through another source. We have restricted ports, but they change: once you restrict one port, it sends from other ports. The only solution I see is through NBAR and QoS. Any advice is much appreciated.
Re: W32.Spybot.CF virus restriction through NBAR or QOS
Perhaps your two choices are: if you can recognize valid traffic, forward it and block everything else (especially since the hosts have dedicated functions); or identify the virus and block just it.
QoS commands would be one way to both identify traffic and pass it or block it. NBAR is the specific feature that might be used for identification.
If you can identify "good" traffic, you pass it and block all else, or perhaps very much rate limit the unknown traffic. The latter would keep a virus from flooding your ATMs and POS, but this wouldn't be good if the virus can infect them.
Since you mention the virus uses dynamic ports, to identify it, you might check whether Cisco has an NBAR PDLM to do so. If not, NBAR can be configured for some packet inspection, but it might only be when using the HTTP protocol.
If you drop a 6500 with sup32-PISA in line, I recall its FPM feature might allow you to better see and then drop virus packets.
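The "pass known traffic, block or rate-limit everything else" approach from the reply above, sketched as an IOS MQC policy. This is an added example, not configuration posted by anyone in the thread; the ACL and policy names, subnet, host address, TCP port and interface are constructed placeholders to be replaced with the real transaction flows.

```cisco
! Constructed example: every address, port, name and interface below is a
! placeholder. Build the ACL from the flows the ATMs/POS really need.
ip access-list extended ATM-POS-VALID
 remark Transaction traffic from ATM/POS subnet to the switch host only
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.1.5 eq 8583
!
class-map match-all ATM-POS-VALID
 match access-group name ATM-POS-VALID
!
! Option A: allowlist. Anything that is not known-good is dropped, so a
! change of source or destination port does not get traffic through.
policy-map ATM-POS-ALLOWLIST
 class ATM-POS-VALID
 ! no action: matched packets are forwarded and counted
 class class-default
  drop
!
! Option B: rate-limit the unknown traffic instead of dropping it.
! This limits flooding but still lets unknown packets reach the hosts,
! so it does not prevent infection.
policy-map ATM-POS-RATELIMIT
 class ATM-POS-VALID
 class class-default
  police 8000 conform-action transmit exceed-action drop
!
! Apply one of the two policies inbound on the interface facing the
! ATM/POS segment.
interface FastEthernet0/1
 service-policy input ATM-POS-ALLOWLIST
```

`show policy-map interface FastEthernet0/1` reports per-class packet counters; a rising `class-default` count identifies hosts still sending traffic outside the allowlist, which are the machines to clean next.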