We've got a really nasty situation that cropped up after NIMDA did its damage to a web server; the attack drove the router to 100 percent utilization, and now the unit won't block TCP 80 regardless of the ACLs. Before the attack, all ACLs worked fine and the CBAC code worked as advertised. Now, even with TCP 80 blocked inbound and outbound on both the WAN and Ethernet port, a sniffer has confirmed that TCP 80 is getting by.
Has anyone heard of this problem after the attack on the 800 line of routers? I've already posted a message in Open Forum, but wanted to try another avenue as well. For now, it seems as if the firmware has been compromised on this unit.
Thanks,
Jeff Bankston
Sr. Consultant
Vista IT