Solved

Cisco Access List - Block AOL

Posted on 2006-06-20
Last Modified: 2010-04-17
Hey Hey...

I think everyone in my whole company uses AOL's AIM...except for me of course...and today a trojan type link has been appearing on everyone's AIM from a trusted user in the company.  Well when they click on the link all hell breaks loose...especially TFTHOT.exe and about another 100 processes and users that this thing creates.

I've got a 2610 and need to apply an access list to it to stop AIM from running.

I've been told AIM is on a TCP/5190 connection...

Serial0/0 and Ethernet0/0  are the interfaces...I just can't remember how to write it and in which direction to place the access-list.

Please help,
Thanks
Question by:inverted_2000

Assisted Solution

by:Scotty_cisco
Scotty_cisco earned 200 total points
ID: 16946027

You would want the following:

access-list 100 deny tcp any any eq 5190
access-list 100 permit any any

Then in serial 0/0:

access-group 100 in

That should take care of it.

Thanks
Scott

Author Comment

by:inverted_2000
ID: 16946511
Yo Scott...

There is already an access list on there:
access-list 1 permit 10.0.0.0 0.0.0.255

Yours seems to knock everyone offline completely.

Can you adjust it a bit?

Thanks again

Accepted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 16946624
Looks like a slight typo in Scott's post

Try this:
 access-list 101 deny tcp any any eq 5190
 access-list 101 permit ip any any
 ! Scott forgot the "ip" in the line above - very important!
 interface serial 0/0
   ip access-group 101 in

Access-list 1 doesn't make any sense if it is applied to the WAN interface...

You can also block them going out:
 access-list 102 deny tcp any any eq 5190
 access-list 102 deny tcp any eq 5190 any
 access-list 102 permit ip any any
 interface Ethernet 0/0
  ip access-group 102 in

You can also doctor your DNS to block AIM
http://www.digitalpoint.com/lists/34662.html

0
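
Added example, not part of the original thread and not any poster's code: a small Python model of first-match ACL evaluation with the implicit deny, run over the three lists posted above. It assumes the router refused the "permit any any" line for lacking a protocol keyword, which leaves access-list 100 with only its deny entry; the sample packets are constructed.

```python
import re

# Grammar covers only the rule forms used in this thread:
#   access-list N {permit|deny} {ip|tcp} any [eq PORT] any [eq PORT]
RULE = re.compile(r"access-list \d+ (permit|deny) (ip|tcp) "
                  r"any(?: eq (\d+))? any(?: eq (\d+))?$")

def load_acl(config):
    """Keep only lines the grammar accepts; a malformed line is dropped,
    modelling a router that refuses the command (assumed behaviour)."""
    rules = []
    for line in config.strip().splitlines():
        m = RULE.match(line.strip())
        if m:
            action, proto, sport, dport = m.groups()
            rules.append((action, proto, sport and int(sport), dport and int(dport)))
    return rules

def evaluate(rules, proto, sport, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, rproto, rsport, rdport in rules:
        if rproto != "ip" and rproto != proto:
            continue
        if rsport is not None and rsport != sport:
            continue
        if rdport is not None and rdport != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any" that ends every ACL

ACLS = {
    100: "access-list 100 deny tcp any any eq 5190\n"
         "access-list 100 permit any any",
    101: "access-list 101 deny tcp any any eq 5190\n"
         "access-list 101 permit ip any any",
    102: "access-list 102 deny tcp any any eq 5190\n"
         "access-list 102 deny tcp any eq 5190 any\n"
         "access-list 102 permit ip any any",
}

# Constructed sample packets: label -> (protocol, source port, destination port)
PACKETS = {"aim-out": ("tcp", 40000, 5190), "aim-reply": ("tcp", 5190, 40000),
           "web": ("tcp", 40001, 80), "dns": ("udp", 40002, 53)}

def verdicts(acl_number):
    rules = load_acl(ACLS[acl_number])
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for number in ACLS:
        print(number, verdicts(number))
```

On the router itself, "show access-lists" lists the entries that were actually accepted, which is the quickest way to spot a line that was refused.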
 
Author Comment

by:inverted_2000
ID: 16946655
Yes I caught the missing ip too....thanks a ton guys...