Solved

Cisco Access List - Block AOL

Posted on 2006-06-20
Last Modified: 2010-04-17
Hey Hey...

I think everyone in my whole company uses AOL's AIM...except for me of course...and today a trojan type link has been appearing on everyone's AIM from a trusted user in the company.  Well when they click on the link all hell breaks loose...especially TFTHOT.exe and about another 100 processes and users that this thing creates.

I've got a 2610 and need to apply an access list to it to stop AIM from running.

I've been told AIM is on a TCP/5190 connection...

Serial0/0 and Ethernet0/0  are the interfaces...I just can't remember how to write it and in which direction to place the access-list.

Please help,
Thanks
Question by:inverted_2000

Assisted Solution

by:Scotty_cisco
Scotty_cisco earned 200 total points

you would want the following

access-list 100 deny tcp any any eq 5190
access-list 100 permit any any

then in serial 0/0

access-group 100 in

that should take care of it.

Thanks
Scott

Author Comment

by:inverted_2000
Yo Scott...

There is already an access list on there:
access-list 1 permit 10.0.0.0 0.0.0.255

Yours seems to knock everyone offline completely.

Can you adjust it a bit?

Thanks again

Accepted Solution

by:
lrmoore earned 300 total points
Looks like a slight typo in Scott's post

Try this:
 access-list 101 deny tcp any any eq 5190
 access-list 101 permit ip any any  <== Scott forgot the "ip" - very important!
 interface serial 0/0
   ip access-group 101 in

Access-list 1 doesn't make any sense if it is applied to the WAN interface...

You can also block them going out:
 access-list 102 deny tcp any any eq 5190
 access-list 102 deny tcp any eq 5190 any
 access-list 102 permit ip any any
 interface Ethernet 0/0
  ip access-group 102 in

You can also doctor your DNS to block AIM
http://www.digitalpoint.com/lists/34662.html


Author Comment

by:inverted_2000
Yes I caught the missing ip too....thanks a ton guys...
0
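
As an added example (not code from the thread or from Cisco), the Python sketch below evaluates the ACL lines quoted above with first-match semantics and the implicit deny that ends every IOS access list. Like IOS, its parser rejects an extended entry that lacks a protocol keyword, which leaves list 100 with only its deny line; the flow names and ephemeral ports are constructed sample data.

```python
# Added example: first-match evaluation of the ACL lines quoted in this thread.
# Subset only: permit/deny, ip/tcp/udp, "any" addresses, optional "eq <port>".
PROTOCOLS = {"ip", "tcp", "udp"}

def parse_acl(lines):
    """Return (rules, rejected); a line without a protocol keyword is rejected."""
    rules, rejected = [], []
    for line in lines:
        tok = line.split()
        if len(tok) < 6 or tok[2] not in ("permit", "deny") or tok[3] not in PROTOCOLS:
            rejected.append(line)
            continue
        rest, ports = tok[4:], []
        for _ in range(2):                      # source spec, then destination spec
            if not rest or rest.pop(0) != "any":
                break
            port = None
            if len(rest) >= 2 and rest[0] == "eq":
                port, rest = int(rest[1]), rest[2:]
            ports.append(port)
        if len(ports) == 2 and not rest:
            rules.append((tok[2], tok[3], ports[0], ports[1]))
        else:
            rejected.append(line)
    return rules, rejected

def evaluate(rules, proto, sport, dport):
    """First matching rule wins; no match means the implicit deny applies."""
    for action, rproto, rsport, rdport in rules:
        if rproto in ("ip", proto) and rsport in (None, sport) and rdport in (None, dport):
            return action
    return "deny"                               # implicit "deny ip any any"

# Constructed sample flows: (protocol, source port, destination port)
FLOWS = {"aim_out": ("tcp", 40000, 5190), "aim_reply": ("tcp", 5190, 40000),
         "web": ("tcp", 40001, 80), "dns": ("udp", 40002, 53)}

def verdicts(lines):
    """Map each sample flow name to the action the given ACL lines produce."""
    rules, _ = parse_acl(lines)
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}

ACL_100 = ["access-list 100 deny tcp any any eq 5190",
           "access-list 100 permit any any"]        # as first posted
ACL_101 = ["access-list 101 deny tcp any any eq 5190",
           "access-list 101 permit ip any any"]     # corrected
ACL_102 = ["access-list 102 deny tcp any any eq 5190",
           "access-list 102 deny tcp any eq 5190 any",
           "access-list 102 permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("100", ACL_100), ("101", ACL_101), ("102", ACL_102)):
        print(name, parse_acl(acl)[1], verdicts(acl))
```

Run as posted, list 100 denies every sample flow, list 101 denies only traffic to TCP/5190, and list 102 also denies traffic sourced from TCP/5190.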