
nachi killing me!!

mraisley
Level 1

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

I work for an ISP and we have a router that is getting killed by the Nachi virus. I have blocked all the ports they say to except NetBIOS, because we use it, and ICMP. The router that is getting hit is one in the middle and not an area router. Here is the running config; anything else needed would be great. I know I need to block ICMP but I am not sure where, as in in or out and on which router: the one that is getting hit or the two it's connected to. Any help would be great, then I could leave and enjoy Labor Day.

thanks

mike

Building configuration...

Current configuration : 1109 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxx
!
ip subnet-zero
!
!
!
interface FastEthernet0/0
 description to office ethernet
 ip address x.x.x.x 255.255.255.0
 ip access-group 101 out
 no ip unreachables
 ip route-cache flow
 speed auto
 full-duplex
 bridge-group 1
!
interface Serial0/0
 description to St. Gen
 bandwidth 1536
 ip unnumbered FastEthernet0/0
 no ip unreachables
 encapsulation ppp
 no ip mroute-cache
 no fair-queue
 bridge-group 1
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route x.x.x.0 255.255.255.0 Serial0/0
ip route x.x.x.0 255.255.255.0 x.x.x.1
ip route x.x.x.0 255.255.255.0 FastEthernet0/0
ip route x.x.x.0 255.255.255.0 x.x.x.1
!
!
bridge 1 protocol ieee
!
line con 0
 password xxxxxxxxxxxxx
 login
 transport preferred none
line aux 0
line vty 0 4
 password xxxxxxxxxxxxxx
 login
 transport preferred none
!
!
!
end

1 Reply

vincent-n
Level 3

Hi there

Don't really know what your network topology is, so can't really recommend where you should put your ACL. This depends on the source of ICMP. If it comes from the other two routers then it's best to block ICMP from the other routers. If it comes from the affected router then you should simply block it right there and then. With the ACL, can't really recommend anything, but I know that my ISP simply notifies their customers that they'll block ALL ICMP packets on the Internet. It's drastic but something that they have to do.
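
The reply's point that ACL placement depends on where the ICMP comes from can be checked against the router's flow cache, since the posted config has `ip route-cache flow` on FastEthernet0/0. The following is an added example, not part of the original thread: a Python script that tallies ICMP echo-request flows by ingress interface from `show ip cache flow` output. The sample lines and addresses are constructed, and it assumes flow caching is also enabled on Serial0/0 so that traffic arriving there is recorded.

```python
import re
from collections import Counter

# Constructed sample in the `show ip cache flow` record layout (not from the post).
# Pr and ports are hex; for ICMP (Pr 01) DstP holds type/code, so 0800 = echo request.
# Addresses are documentation ranges chosen for illustration.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Se0/0         192.0.2.17      Fa0/0         198.51.100.1    01 0000 0800     1
Se0/0         192.0.2.17      Fa0/0         198.51.100.2    01 0000 0800     1
Se0/0         192.0.2.17      Fa0/0         198.51.100.3    01 0000 0800     1
Se0/0         192.0.2.44      Fa0/0         198.51.100.9    01 0000 0800     1
Se0/0         192.0.2.44      Fa0/0         203.0.113.5     01 0000 0800     1
Fa0/0         203.0.113.80    Se0/0         192.0.2.20      06 0050 0C1A    12
Fa0/0         203.0.113.9     Se0/0         192.0.2.17      01 0000 0000     1
Fa0/0         203.0.113.77    Local         198.51.100.254  01 0000 0800     3
"""

FLOW = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sport>[0-9A-Fa-f]{4})\s+(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$"
)

def echo_request_sweeps(text, min_targets=2):
    """Return (echo-request flow count per ingress interface, sources hitting >= min_targets hosts)."""
    per_if = Counter()
    targets = {}
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if not m:
            continue  # header, summary, or truncated line
        if int(m["pr"], 16) != 1 or int(m["dport"], 16) != 0x0800:
            continue  # keep only ICMP type 8, code 0
        per_if[m["src_if"]] += 1
        targets.setdefault((m["src_if"], m["src"]), set()).add(m["dst"])
    sweepers = {k: len(v) for k, v in targets.items() if len(v) >= min_targets}
    return per_if, sweepers

if __name__ == "__main__":
    per_if, sweepers = echo_request_sweeps(SAMPLE)
    for ifname, n in per_if.most_common():
        print(f"{ifname}: {n} echo-request flows")
    for (ifname, src), n in sorted(sweepers.items(), key=lambda kv: -kv[1]):
        print(f"  {src} via {ifname}: {n} distinct destinations")
```

The interface with the highest echo-request count is the candidate for an inbound ICMP filter; sources that reach many distinct destinations are the hosts to trace and clean.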