NBAR configuration on IOS router to block Code Red Worm
class-map match-any codered
   match protocol http url “*default.ida*”
   match protocol http url “*cmd.exe*”
   match protocol http url “*root.exe”
policy-map mark-codered
   class codered
   set ip dscp 1
int serial0
   service-policy input mark-codered
int ethernet0
   ip access-group 100 out
access-list 100 deny ip any any dscp 1
access-list 100 permit ip any any