Can someone explain this route-map command

Discussion in 'Cisco' started by bhamoo@gmail.com, Jan 23, 2005.

  1. Guest

    Hi Guys,

    Can you explain in detail what exactly this command is doing.

    route-map nachi-worm permit 10
    match ip address 199
    match length 92 92
    set interface Null0


    thanks

    RTR
    , Jan 23, 2005
    #1

  2. writes:
    >Can you explain in detail what exactly this command is doing.


    >route-map nachi-worm permit 10
    >match ip address 199
    >match length 92 92
    > set interface Null0



    Defining a route-map (just defining it, not using it anywhere) that
    will match an IP address that is matched in access-list 199, for any
    packet that is exactly 92 bytes in length and setting its next hop
    interface to be null0.

    Basically, if this route-map was applied somewhere, it would throw away
    any packet that matched access-list 199 that is exactly 92 bytes in
    length. This would be a quick fix to a Nachi worm problem, but you'll
    be tossing out some legit traffic as well.
    Doug McIntyre, Jan 23, 2005
    #2
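To make the matching rule above concrete, here is a small model of the route-map's sequence 10 as a packet classifier. It is an added illustration, not code from the thread or from Cisco. It assumes access-list 199 permits ICMP echo and echo-reply (the thread never shows the ACL's contents), and the packets are constructed records rather than captures.

```python
"""Model of what 'route-map nachi-worm permit 10' does to a packet.

Added illustration, not Cisco's code. Assumption: access-list 199 is
taken to permit ICMP echo and echo-reply; the thread does not show it.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                        # "icmp", "tcp" or "udp"
    length: int                       # total IP length in bytes (header + payload)
    icmp_type: Optional[str] = None   # "echo" / "echo-reply" for ICMP
    dport: Optional[int] = None       # destination port for TCP/UDP


def acl_199(pkt: Packet) -> bool:
    """Assumed contents of access-list 199: permit icmp any any echo / echo-reply."""
    return pkt.proto == "icmp" and pkt.icmp_type in ("echo", "echo-reply")


def route_map_nachi_worm(pkt: Packet) -> Optional[str]:
    """Sequence 10 of the route-map. Both match clauses must be true:

      match ip address 199   -> acl_199(pkt)
      match length 92 92     -> minimum 92, maximum 92 bytes, i.e. exactly 92

    Returns the 'set interface' target ("Null0", a discard) on a match, or
    None when the packet falls through to normal routing.
    """
    if acl_199(pkt) and 92 <= pkt.length <= 92:
        return "Null0"
    return None


def nachi_ping_length(icmp_data_bytes: int = 64) -> int:
    """IP header (20) + ICMP header (8) + data; Nachi's pings carried 64 data bytes -> 92."""
    return 20 + 8 + icmp_data_bytes


def classify(packets: List[Packet]) -> List[str]:
    """Label each packet 'drop' or 'forward' the way the applied policy would."""
    return ["drop" if route_map_nachi_worm(p) == "Null0" else "forward" for p in packets]


# Constructed sample traffic
SAMPLE = [
    # 92-byte echo: the worm's probe, but indistinguishable from a legitimate ping with 64 data bytes
    Packet("icmp", nachi_ping_length(64), icmp_type="echo"),
    # default Linux ping (56 data bytes -> 84 on the wire): kept
    Packet("icmp", nachi_ping_length(56), icmp_type="echo"),
    # 92-byte ICMP of a type ACL 199 does not cover: kept
    Packet("icmp", 92, icmp_type="dest-unreachable"),
    # TCP of the same size: this map never looks at it
    Packet("tcp", 92, dport=135),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, classify(SAMPLE)):
        print(f"{verdict:8} {pkt}")
```

The first two sample packets are the point of Doug's caveat: the policy keys only on protocol and size, so any host sending 64-byte-payload pings looks exactly like the worm. In IOS the map has no effect until it is attached to an interface as a policy (`ip policy route-map nachi-worm`), which is the "if this route-map was applied somewhere" part.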

  3. Guest

    Thanks OK, makes sense.

    I would think that in order to block the NACHI worm, on the Internet interface
    you can just block TCP port 135; that should work, I would think.

    access-list 120 deny tcp any any eq 135
    access-list 120 permit ip any any
    on interface
    ip access-group 101 in

    Thanks
    RTR
    , Jan 23, 2005
    #3
  8. In article <>,
    <> wrote:
    >Thanks OK, makes sense.
    >
    >I would think in order to block NACHI worm, On the Internet interface
    >can just blocking Port TCP 135, should work, I would think.
    >
    >access-list 120 deny tcp any any eq 135
    >access-list 120 permit ip any any
    >on interface
    >ip access-group 101 in
    >
    >Thanks
    >RTR


    Blocking port 135 is necessary but not sufficient. When Nachi
    first struck, the blasts of traffic not only knocked out the PCs,
    but also overwhelmed the routers. Blocking the ICMP pings used by
    Nachi (the original route map, if set up correctly) stopped it
    from sending further requests.

    See the Cisco Security Notice at (long URL, mind the wrap):
    http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801b143a.html
    for a complete explanation.

    --
    Vincent C Jones, Consultant
    Networking Unlimited, Inc.
    Tenafly, NJ  Phone: 201 568-7810
    http://www.networkingunlimited.com
    Expert advice and a helping hand for those who want to manage and control their networking destiny
    Vincent C Jones, Jan 23, 2005
    #8
  9. Wouldn't you use ip access-group 120 in?
    Aren't you trying to assign the acl 120 to the interface?


    On 23 Jan 2005 01:34:47 -0800, wrote:

    >Thanks OK, makes sense.
    >
    >I would think in order to block NACHI worm, On the Internet interface
    >can just blocking Port TCP 135, should work, I would think.
    >
    >access-list 120 deny tcp any any eq 135
    >access-list 120 permit ip any any
    >on interface
    >ip access-group 101 in
    >
    >Thanks
    >RTR
    Jon L. Miller, Feb 4, 2005
    #9
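The mismatch Jon points out (ACL 120 defined, ACL 101 applied) is the kind of slip a quick consistency check catches before a config reaches a router; the original route-map has the same shape of problem, since nothing in the thread defines access-list 199. The checker below is an added example, not the thread's or Cisco's code: it scans IOS-style config text for numbered ACLs that are referenced by `ip access-group` or `match ip address` but never defined, and for ACLs defined but never applied. The sample config is constructed from the snippets in this thread, with an assumed interface name and the standard `ip policy route-map` attachment added so the route-map is actually in use.

```python
"""Find numbered ACLs that are referenced but never defined in IOS config text.

Added example, not code from the thread or from Cisco. SAMPLE_CONFIG is
constructed from the thread's snippets; the interface name is assumed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Definition lines, e.g. "access-list 120 deny tcp any any eq 135"
ACL_DEF = re.compile(r"^\s*access-list\s+(\d+)\s")
# Reference lines, e.g. "ip access-group 101 in" or "match ip address 199"
ACL_REF = re.compile(r"^\s*(?:ip\s+access-group|match\s+ip\s+address)\s+(\d+)\b")


def lint_acl_references(config_text: str) -> Tuple[Dict[str, List[int]], List[str]]:
    """Return (dangling, unused).

    dangling: ACL number -> line numbers where it is referenced without any
              'access-list <n>' definition in the text.
    unused:   ACL numbers that are defined but never referenced.
    """
    defined = set()
    referenced = defaultdict(list)
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ACL_DEF.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = ACL_REF.match(line)
        if m:
            referenced[m.group(1)].append(lineno)
    dangling = {acl: lines for acl, lines in referenced.items() if acl not in defined}
    unused = sorted(defined - set(referenced))
    return dangling, unused


# Constructed from the thread: RTR's ACL 120 with its mistyped access-group,
# plus the original route-map attached as a policy on an assumed interface.
SAMPLE_CONFIG = """\
access-list 120 deny tcp any any eq 135
access-list 120 permit ip any any
!
route-map nachi-worm permit 10
 match ip address 199
 match length 92 92
 set interface Null0
!
interface Serial0/0
 ip access-group 101 in
 ip policy route-map nachi-worm
"""

if __name__ == "__main__":
    dangling, unused = lint_acl_references(SAMPLE_CONFIG)
    for acl, lines in sorted(dangling.items()):
        print(f"ACL {acl} referenced on line(s) {lines} but never defined")
    for acl in unused:
        print(f"ACL {acl} defined but never applied")
```

On the sample this reports ACL 101 (line 10) and ACL 199 (line 5) as dangling and ACL 120 as unused. The first finding matters most: an `ip access-group` that names an access list which does not exist filters nothing, so the router passes all traffic while the config looks like it is blocking port 135.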