Solved

Cisco Access List - Bliock AOL

Posted on 2006-06-20
4
217 Views
Last Modified: 2010-04-17
Hey Hey...

I think everyone in my whole company uses AOL's AIM...except for me of course...and today a trojan type link has been appearing on everyone's AIM from a trusted user in the company.  Well when they click on the link all hell breaks loose...especially TFTHOT.exe and about another 100 processes and users that this thing creates.

I've got a 2610 and need to apply an access list to it to stop AIM from running.

I've been told AIM is on a TCP/5190 connection...\

Serial0/0 and Ethernet0/0  are the interfaces...I just can't remember how to write it and in which direction to place the access-list.

Please help,
Thanks
0
Comment
Question by:inverted_2000
  • 2
4 Comments
 
LVL 12

Assisted Solution

by:Scotty_cisco
Scotty_cisco earned 200 total points
ID: 16946027

you would want the following

access-list 100 deny tcp any any eq 5190
access-list 100 permit any any

then in serial 0/0

access-group 100 in

that should take care of it.

Thanks
Scott
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 16946511
Yo Scott...

There is already an access list on there:
access-list 1 permit 10.0.0.0 0.0.0.255

Your's seems to knock everyone offline completely.

Can you adjust it a bit?

Thanks again
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 300 total points
ID: 16946624
Looks like a slight typo in Scott's post

Try this:
 access-list 101 deny tcp any any eq 5190
 access-list 101 permit ip any any  <== Scott forgot the "ip" - very important!
 interface serial 0/0
   ip access-group 101 in

Access-list 1 doesn't make any sense if it is applied to the WAN interface...

You can also block them going out:
 access-list 102 deny tcp any any eq 5190
 access-list 102 deny tcp any eq 5190 any
 access-list 102 permit ip any any
 interface Fast 0/0
  ip access-group 102 in

You can also doctor your DNS to block AIM
http://www.digitalpoint.com/lists/34662.html

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 16946655
Yes I caught the missing ip too....thanks a ton guys...
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN 101 - how and which protocol? 9 95
Edgemax OS VPN, to Barracuda Link Balancer 7 151
Enterasys QoS setup 2 54
GRE Trunnel with IPsec Encryption Issue 3 55
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now