Security Incidents mailing list archives

Re: What am I seeing?


From: "Mike Lewinski" <mike () rockynet com>
Date: Tue, 23 Oct 2001 10:15:39 -0600

> problem is...looks like, to me, that it is not coming from outside...thus
> the ingress filtering will not stop it. Or am I missing something?

Yes. You need to create an ACL to prohibit your own networks from entering
any outside router interfaces.

1) Create an ACL to deny your network as the source:

access-list 100 deny ip 64.8.0.0 0.0.0.255 any
access-list 100 permit ip any any

2) Apply it to an *external* router interface with keyword "in".

interface Serial0
ip access-group 100 in

3) Check to see what it's catching:

Border# sh ip access 100


Optimally this is best done upstream so you're not having to pay for dropped
packets on the metered side of a link.

Mike
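As an added example (not part of the original post, and not Cisco code), the Python below evaluates an ACL with the same entries as the one above against a constructed set of inbound packets, using Cisco wildcard-mask semantics (first match wins, implicit deny at the end). It reproduces the per-entry hit counts that step 3 reads off the router, and reports which prefix a wildcard actually covers, so the reach of the deny entry can be checked before the ACL is applied. The ACL entries and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed ACL mirroring the one in the post; each entry is
# (action, source, source_wildcard, destination, destination_wildcard).
ACL_100 = [
    ("deny",   "64.8.0.0", "0.0.0.255", "any", None),
    ("permit", "any",      None,        "any", None),
]

# Constructed sample of (source, destination) pairs arriving on the outside interface.
SAMPLE_PACKETS = [
    ("64.8.0.17",    "64.8.0.1"),   # source inside the denied /24: spoofed, dropped
    ("64.8.3.200",   "64.8.0.1"),   # inside address space but outside the /24: passes
    ("198.51.100.9", "64.8.0.1"),   # ordinary external source: passes
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    if base == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return a & care == b & care

def evaluate(acl, src, dst):
    """Return (action, entry_index). First match wins; the implicit deny is
    reported as index len(acl)."""
    for i, (action, s, sw, d, dw) in enumerate(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, i
    return "deny", len(acl)

def match_counts(acl, packets):
    """Hit count per entry, like the '(N matches)' column of 'show ip access-lists';
    the last slot counts packets that fell through to the implicit deny."""
    counts = [0] * (len(acl) + 1)
    for src, dst in packets:
        counts[evaluate(acl, src, dst)[1]] += 1
    return counts

def wildcard_prefixlen(wildcard):
    """Prefix length covered by a contiguous wildcard, e.g. 0.0.0.255 -> 24."""
    w = int(ipaddress.IPv4Address(wildcard))
    return 32 - w.bit_length()

if __name__ == "__main__":
    print("entry hit counts:", match_counts(ACL_100, SAMPLE_PACKETS))
    print("deny entry covers a /%d" % wildcard_prefixlen("0.0.0.255"))
```

If the address block to be protected is larger than the wildcard covers, the hit counts show spoofed sources from the rest of the block landing on the permit entry rather than the deny.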



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
