Solved

Cisco Access List - Block AOL

Posted on 2006-06-20
Last Modified: 2010-04-17
Hey Hey...

I think everyone in my whole company uses AOL's AIM...except for me of course...and today a trojan type link has been appearing on everyone's AIM from a trusted user in the company.  Well when they click on the link all hell breaks loose...especially TFTHOT.exe and about another 100 processes and users that this thing creates.

I've got a 2610 and need to apply an access list to it to stop AIM from running.

I've been told AIM is on a TCP/5190 connection...

Serial0/0 and Ethernet0/0  are the interfaces...I just can't remember how to write it and in which direction to place the access-list.

Please help,
Thanks
Question by:inverted_2000
LVL 12

Assisted Solution

by:Scotty_cisco
Scotty_cisco earned 200 total points
ID: 16946027

you would want the following

access-list 100 deny tcp any any eq 5190
access-list 100 permit any any

then in serial 0/0

access-group 100 in

that should take care of it.

Thanks
Scott
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 16946511
Yo Scott...

There is already an access list on there:
access-list 1 permit 10.0.0.0 0.0.0.255

Yours seems to knock everyone offline completely.

Can you adjust it a bit?

Thanks again
0
 
LVL 79

Accepted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 16946624
Looks like a slight typo in Scott's post

Try this:
 access-list 101 deny tcp any any eq 5190
 access-list 101 permit ip any any  <== Scott forgot the "ip" - very important!
 interface serial 0/0
   ip access-group 101 in

Access-list 1 doesn't make any sense if it is applied to the WAN interface...

You can also block them going out:
 access-list 102 deny tcp any any eq 5190
 access-list 102 deny tcp any eq 5190 any
 access-list 102 permit ip any any
 interface Ethernet 0/0
  ip access-group 102 in

You can also doctor your DNS to block AIM
http://www.digitalpoint.com/lists/34662.html

0
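
An added example (not from the thread or its participants): a minimal Python model of first-match ACL evaluation run over the three lists posted above, showing why list 100 cut off all traffic while 101 and 102 did not. It handles only the syntax subset used here, assumes the router rejected the `permit any any` line for lacking a protocol keyword (the page shows no router output), and the sample packets are constructed.

```python
import re

# Syntax subset used in this thread: access-list N {permit|deny} {ip|tcp} any [eq P] any [eq P]
ACE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp)"
                 r"\s+any(?:\s+eq\s+(\d+))?\s+any(?:\s+eq\s+(\d+))?\s*$")

def parse_acl(lines):
    """Return (entries, rejected). A line with no protocol keyword is rejected."""
    entries, rejected = [], []
    for line in lines:
        m = ACE.match(line.strip())
        if not m:
            rejected.append(line)
            continue
        action, proto, sport, dport = m.groups()
        entries.append((action, proto, sport and int(sport), dport and int(dport)))
    return entries, rejected

def evaluate(entries, proto, sport, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, ace_proto, ace_sport, ace_dport in entries:
        if (ace_proto in ("ip", proto) and ace_sport in (None, sport)
                and ace_dport in (None, dport)):
            return action
    return "implicit deny"

ACLS = {
    100: ["access-list 100 deny tcp any any eq 5190",
          "access-list 100 permit any any"],            # first attempt, no "ip"
    101: ["access-list 101 deny tcp any any eq 5190",
          "access-list 101 permit ip any any"],         # corrected
    102: ["access-list 102 deny tcp any any eq 5190",
          "access-list 102 deny tcp any eq 5190 any",
          "access-list 102 permit ip any any"],
}

# Constructed sample packets: (protocol, source port, destination port)
PACKETS = {
    "client->AIM": ("tcp", 40001, 5190), "AIM->client": ("tcp", 5190, 40001),
    "web": ("tcp", 40002, 80), "dns": ("udp", 40003, 53),
}

def verdicts(acl_number):
    entries, _ = parse_acl(ACLS[acl_number])
    return {name: evaluate(entries, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for n in ACLS:
        print(n, "rejected:", parse_acl(ACLS[n])[1], verdicts(n))
```

Which packets a list sees depends on the interface and direction of `ip access-group`: traffic arriving from AIM servers carries 5190 as its source port, which only the second deny line of list 102 matches.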
 
LVL 2

Author Comment

by:inverted_2000
ID: 16946655
Yes I caught the missing ip too....thanks a ton guys...
0
