804-IDSL router with IP-FW not blocking TCP 80 after NIMDA

jeff.bankston
Level 1

We've got a really nasty situation that cropped up after NIMDA did its damage to a web server; the attack drove the router to 100 percent util, and now the unit won't block TCP 80 regardless of the ACLs. Before the attack, all ACLs worked fine and the CBAC code worked as advertised. Now, even with TCP 80 blocked inbound and outbound on both the WAN and Ethernet port, a sniffer has confirmed that TCP 80 is getting by.

Has anyone heard of this problem after the attack on the 800 line of routers? I've already posted a message in Open Forum, but wanted to try another avenue as well. For now, it seems as if the firmware has been compromised on this unit.

Thanks,

Jeff Bankston

Sr. Consultant

Vista IT

1 Reply

thomas.chen
Level 6

I didn’t see any such issue when we were hit with Nimda. It might be the IOS version you’re running, although I couldn’t find any bugs filed on any of the versions.
