Worm Detection Using Cisco NBAR
Router(config-cmap)#match protocol http url "*.ida*"
Router(config-cmap)#match protocol http url "*cmd.exe*"
Router(config-cmap)#match protocol http url "*root.exe*"
Router(config-cmap)#match protocol http url "*readme.eml*"
Once the router is configured to filter worms as shown above, the NBAR engine performs deep packet analysis on traffic passing through the router interface. When traffic matches the class above, the administrator can filter it with an access list or use policy-based routing to monitor infected hosts.
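The access-list option described above, written out end to end as an added example (not configuration from the original post). The class-map and policy-map names, the interface names, ACL number 105 and DSCP value 1 are assumptions chosen for illustration.

```cisco
! Added example: mark HTTP requests that match the worm URL patterns,
! then drop and log the marked packets on the way out.
! NBAR requires CEF to be enabled.
ip cef
!
! Hypothetical class name; the match lines are the ones shown above.
class-map match-any http-hacks
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*readme.eml*"
!
! Mark matching packets with a DSCP value that is otherwise unused
! in the network (1 is an assumption here).
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
! Assumed ingress interface: traffic is classified and marked here.
interface FastEthernet0/0
 service-policy input mark-inbound-http-hacks
!
! Drop marked packets; the log keyword records the source address,
! which identifies the infected host.
access-list 105 deny ip any any dscp 1 log
access-list 105 permit ip any any
!
! Assumed egress interface towards the web servers.
interface FastEthernet0/1
 ip access-group 105 out
!
! Verification from exec mode:
!   show policy-map interface FastEthernet0/0
!   show access-lists 105
```

The match counters in `show policy-map interface` and the ACL hit counts show whether the patterns are catching traffic before the result is relied on for filtering.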
How can NetFlow Analyzer help?
NetFlow Analyzer is capable of generating NBAR reports via SNMP and Flexible NetFlow (FNF).
NBAR can also classify HTTP URL-specific traffic. With the NBAR feature in NetFlow Analyzer, you can keep track of anonymous HTTP traffic and monitor traffic from infected hosts.
You can download the 30-day trial of ManageEngine NetFlow Analyzer from here.
Reference: http://www.cisco.com https://blogscdn.manageengine.com/image/gif/paws/4615/nimda.pdf
Praveen Kumar
NetFlow Analyzer Technical Team