09-01-2003 11:20 AM - edited 03-02-2019 10:01 AM
--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --
I work for an isp and we have a router that is getting killed by the nachi virus. i have blocked all the ports they say to except netbios cause we use it and icmp. the router that is getting hit is one in the middle and not an area router. here is the running config, anything else needed would be great. i know i need to black icmp but i am not sure where, as in in or out and on which router, the one that is getting hit or the two its connected too. any helps would be great, then i could leave and enjoy labor day.
thanks
mike
Building configuration...
Current configuration : 1109 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxx
!
ip subnet-zero
!
!
!
interface FastEthernet0/0
description to office ethernet
ip address x.x.x.x 255.255.255.0
ip access-group 101 out
no ip unreachables
ip route-cache flow
speed auto
full-duplex
bridge-group 1
!
interface Serial0/0
description to St. Gen
bandwidth 1536
ip unnumbered FastEthernet0/0
no ip unreachables
encapsulation ppp
no ip mroute-cache
no fair-queue
bridge-group 1
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route x.x.x.0 255.255.255.0 Serial0/0
ip route x.x.x.0 255.255.255.0 x.x.x.1
ip route x.x.x.0 255.255.255.0 FastEthernet0/0
ip route x.x.x.0 255.255.255.0 x.x.x.1
!
!
bridge 1 protocol ieee
!
line con 0
password xxxxxxxxxxxxx
login
transport preferred none
line aux 0
line vty 0 4
password xxxxxxxxxxxxxx
login
transport preferred none
!
!
!
end
09-01-2003 08:29 PM
Hi there
Don't really know what your network topology is so can't really recommend where you should put your ACL. This depends on the source of ICMP. If it comes from the other two routers then it's best to block ICMP from the other routers. If it comes from the affected router then you should simply block it right there and then. With the ACL, can't really recommend anything but I know that my ISP simply notify their customers that they'll block ALL ICMP packets on the Internet. It's drastic but something that they have to do.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide