
Latest virus detection

Status
Not open for further replies.

IllegalOperation

Technical User
Jan 27, 2003
206
US
OK, before anyone goes off on this subject about IDS, packet sniffers, firewalls, etc., etc.... I DON'T HAVE ANY.

All I have is a Cisco 1721 router. With my 1721 router, what is the easiest way to determine if I have that nasty virus that is going around? What do I need to do to determine if the 1721 is getting tied down by this virus, or at least passing it through its interfaces? Please remember that all I have is a 1721, and I AM NOT going to spend thousands of dollars that I do not have on a PIX.

Thank you in advance...
 
Before you start whining about what you don't have, start using your noggin creatively. You can get Snort for free and run it under Virtual PC or VMware if you don't have a spare box. Virtual PC has a 30-day demo, as does VMware, which would give you the time to at least take a look at the traffic. Ethereal is free and you can use the Snort filters as the basis to build the filters for Ethereal (or any other sniffer for that matter). A second option is to wander by PureSecure and get the personal Snort-based IDS, which has a completely automated install script for MySQL, Apache and Snort. And yes, it runs under Virtual PC just fine. It's free for the asking so long as it's not being used commercially.

You can build some ACLs using the links mentioned in the post before this one, and when you do, make sure you enable logging on the ACL to see if and how matches take place. You can also use debug to watch packets within reason... the router is not a sniffer per se, but we can fake it on a small scale.

MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
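
An added example, not part of the thread: once an ACL with logging is in place as suggested above, a short script can total the router's logged matches per inside host to show which machines are generating the suspect traffic. It assumes the messages use the IOS `%SEC-6-IPACCESSLOGP` format; the ACL number 110, UDP port 9999, hostname and all addresses in the sample are constructed placeholders, not values from the thread.

```python
import re
from collections import Counter

# Constructed sample of ACL log messages (placeholders, not from the thread).
SAMPLE_LOG = """\
Jan 10 12:00:01 rtr1721 %SEC-6-IPACCESSLOGP: list 110 denied udp 10.0.0.23(1045) -> 198.51.100.7(9999), 1 packet
Jan 10 12:00:02 rtr1721 %SEC-6-IPACCESSLOGP: list 110 denied udp 10.0.0.23(1046) -> 203.0.113.9(9999), 1 packet
Jan 10 12:05:02 rtr1721 %SEC-6-IPACCESSLOGP: list 110 denied udp 10.0.0.23(1046) -> 203.0.113.9(9999), 212 packets
Jan 10 12:05:09 rtr1721 %SEC-6-IPACCESSLOGP: list 110 permitted tcp 10.0.0.8(3321) -> 192.0.2.80(80), 1 packet
Jan 10 12:06:30 rtr1721 %SEC-6-IPACCESSLOGP: list 110 denied udp 10.0.0.41(1100) -> 198.51.100.7(9999), 3 packets
Jan 10 12:07:00 rtr1721 %SYS-5-CONFIG_I: Configured from console by vty0
"""

ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse(log_text):
    """Yield one dict per ACL log line; unrelated syslog lines are skipped."""
    for line in log_text.splitlines():
        m = ACL_RE.search(line)
        if m:
            hit = m.groupdict()
            hit["count"] = int(hit["count"])
            yield hit

def summarize(log_text, action="denied"):
    """Return (packet totals, distinct-destination counts) keyed by
    (source IP, protocol, destination port) for the given ACL action."""
    packets = Counter()
    targets = {}
    for hit in parse(log_text):
        if hit["action"] != action:
            continue
        key = (hit["src"], hit["proto"], hit["dport"])
        packets[key] += hit["count"]  # follow-up messages carry interval counts
        targets.setdefault(key, set()).add(hit["dst"])
    return packets, {k: len(v) for k, v in targets.items()}

if __name__ == "__main__":
    packets, fanout = summarize(SAMPLE_LOG)
    for key, total in packets.most_common():
        src, proto, dport = key
        print(f"{src} {proto}/{dport}: {total} packets to {fanout[key]} destinations")
```

A single inside host with a high packet total spread over many destinations on one port is the pattern worth checking first.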
 