Urgent Virus Issue > Block IP Address

Discussion in 'Cisco' started by paul_tomlin@hotmail.com, Jul 22, 2008.

  1. Guest

    We've got a virus infection and it keeps reinstalling a remote
    management tool. I've used some monitoring tools and can see it's
    trying to communicate with the public IP 123.119.253.199. I assumed
    I'd be able to block this by putting in:

    access-list in2out deny ip any host 123.119.253.199
    access-list in2out permit ip any any
    access-list in2out permit icmp any any
    access-group in2out in interface inside

    I thought the above lines would resolve it, but I can still see the
    virus communicating with that IP address both in and outbound.

    Anybody have any ideas what I've missed?
    , Jul 22, 2008
    #1

  2. Guest

    I've read through this http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00801e419a.shtml
    and can't see where I could have gone wrong.

    Anybody got any ideas?


    On 22 Jul, 03:03, "Brian V" <> wrote:
    > <> wrote in message
    >
    > news:...
    >
    > > We've got a virus infection and it keeps reinstalling a remote
    > > management tool. I've used some monitoring tools and can see it's
    > > trying to communicate with the public IP 123.119.253.199. I assumed
    > > I'd be able to block this by putting in:
    > >
    > > access-list in2out deny ip any host 123.119.253.199
    > > access-list in2out permit ip any any
    > > access-list in2out permit icmp any any
    > > access-group in2out in interface inside
    > >
    > > I thought the above lines would resolve it, but I can still see the
    > > virus communicating with that IP address both in and outbound.
    > >
    > > Anybody have any ideas what I've missed?
    >
    > How about where you applied it, on what interface and in what direction?
    , Jul 22, 2008
    #2

  3. wrote:
    > We've got a virus infection and it keeps reinstalling a remote
    > management tool. I've used some monitoring tools and can see it's
    > trying to communicate with the public IP 123.119.253.199. I assumed
    > I'd be able to block this by putting in:
    >
    > access-list in2out deny ip any host 123.119.253.199
    > access-list in2out permit ip any any
    > access-list in2out permit icmp any any
    > access-group in2out in interface inside
    >
    > I thought the above lines would resolve it, but I can still see the
    > virus communicating with that IP address both in and outbound.
    >
    > Anybody have any ideas what I've missed?


    If there's an active "xlate" for the infected host(s), new access-lists
    won't take effect.

    Try issuing a "clear xlate local x.x.x.x" where x.x.x.x is the IP
    address of the infected host(s). If you do not have mission-critical
    traffic through your PIX (including the VPN tunnel you're currently
    using to access it!), you can just "clear xlate". This will kill all
    current connections and force new ones to be rebuilt using the new
    in2out access-list.

    --
    |Francois Labreque | Unfortunately, there's no such thing as a snooze
    | flabreque | button on a cat who wants breakfast.
    | @ |
    | gmail.com | - Unattributed quote from rec.humor.funny
    Francois Labreque, Jul 23, 2008
    #3
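
An added example, not part of the thread and not Cisco tooling: it reads saved `show conn` output and lists the inside hosts that still hold connections to the blocked address, so the "clear xlate local" from the reply above can be issued per host rather than as a global "clear xlate". The PIX 6.x-style `show conn` line layout, the function names, and the sample inside addresses are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Assumed PIX 6.x-style "show conn" line:
#   TCP out <foreign>:<port> in <local>:<port> idle h:mm:ss Bytes n flags X
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<fip>[\d.]+):(?P<fport>\d+)\s+"
    r"in\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+idle\s+(?P<idle>\S+)"
)

# Constructed sample output; the inside addresses are made up for this example.
SAMPLE_SHOW_CONN = """\
4 in use, 9 most used
TCP out 123.119.253.199:80 in 192.168.1.23:1404 idle 0:00:02 Bytes 11391 flags UIO
TCP out 198.51.100.7:443 in 192.168.1.40:2210 idle 0:00:15 Bytes 5120 flags UIO
TCP out 123.119.253.199:8080 in 192.168.1.57:3391 idle 0:01:10 Bytes 842 flags UIO
TCP out 123.119.253.199:80 in 192.168.1.23:1405 idle 0:00:01 Bytes 977 flags UIO
"""


def hosts_talking_to(show_conn_text, blocked_ip):
    """Return the sorted inside hosts that still hold connections to blocked_ip."""
    blocked = ip_address(blocked_ip)
    hosts = set()
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # summary line or a format this pattern does not cover
        if ip_address(m["fip"]) == blocked:
            hosts.add(ip_address(m["lip"]))  # set de-duplicates repeat flows
    return [str(h) for h in sorted(hosts)]


def clear_commands(show_conn_text, blocked_ip):
    """Build one targeted 'clear xlate local' (command from the thread) per host."""
    return [f"clear xlate local {h}"
            for h in hosts_talking_to(show_conn_text, blocked_ip)]


if __name__ == "__main__":
    for cmd in clear_commands(SAMPLE_SHOW_CONN, "123.119.253.199"):
        print(cmd)
```

Running the same check on fresh `show conn` output after the clear shows whether any inside host has re-established a connection to the blocked address.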
