Solved

Cisco Access List - Bliock AOL

Posted on 2006-06-20
4
222 Views
Last Modified: 2010-04-17
Hey Hey...

I think everyone in my whole company uses AOL's AIM...except for me of course...and today a trojan type link has been appearing on everyone's AIM from a trusted user in the company.  Well when they click on the link all hell breaks loose...especially TFTHOT.exe and about another 100 processes and users that this thing creates.

I've got a 2610 and need to apply an access list to it to stop AIM from running.

I've been told AIM is on a TCP/5190 connection...\

Serial0/0 and Ethernet0/0  are the interfaces...I just can't remember how to write it and in which direction to place the access-list.

Please help,
Thanks
0
Comment
Question by:inverted_2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Assisted Solution

by:Scotty_cisco
Scotty_cisco earned 200 total points
ID: 16946027

you would want the following

access-list 100 deny tcp any any eq 5190
access-list 100 permit any any

then in serial 0/0

access-group 100 in

that should take care of it.

Thanks
Scott
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 16946511
Yo Scott...

There is already an access list on there:
access-list 1 permit 10.0.0.0 0.0.0.255

Your's seems to knock everyone offline completely.

Can you adjust it a bit?

Thanks again
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 300 total points
ID: 16946624
Looks like a slight typo in Scott's post

Try this:
 access-list 101 deny tcp any any eq 5190
 access-list 101 permit ip any any  <== Scott forgot the "ip" - very important!
 interface serial 0/0
   ip access-group 101 in

Access-list 1 doesn't make any sense if it is applied to the WAN interface...

You can also block them going out:
 access-list 102 deny tcp any any eq 5190
 access-list 102 deny tcp any eq 5190 any
 access-list 102 permit ip any any
 interface Fast 0/0
  ip access-group 102 in

You can also doctor your DNS to block AIM
http://www.digitalpoint.com/lists/34662.html

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 16946655
Yes I caught the missing ip too....thanks a ton guys...
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MAC address learning of Riverbed 4 89
BGP prefix and routing 3 100
Best adsl router for small MS network 6 84
Syslog-ng works. Now what? How to filter and manage? 8 113
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question