NBAR configuration
on IOS router
to block Code Red Worm
class-map match-any
codered
match protocol http url “*default.ida*”
match protocol http url “*cmd.exe*”
match protocol http url “*root.exe”
policy-map
mark-codered
class codered
set ip dscp 1
int serial0
service-policy input mark-codered
int ethernet0
ip access-group 100 out
access-list 100 deny ip any
any dscp 1
access-list 100 permit ip
any any