Re: What am I seeing?
From: Mike Lewinski (mike@rockynet.com)Date: 10/23/01
- Previous message: Rob Keown: "RE: What am I seeing?"
- In reply to: jkruser: "RE: What am I seeing?"
- Next in thread: Valdis.Kletnieks@vt.edu: "Re: What am I seeing?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <009101c15bdd$f5048a20$e25f753f@domain.com> From: "Mike Lewinski" <mike@rockynet.com> To: <incidents@securityfocus.com> Subject: Re: What am I seeing? Date: Tue, 23 Oct 2001 10:15:39 -0600
> problem is...looks like, to me, that it is not coming from outside...thus
> the ingress filtering will not stop it. Or am I missing something?
Yes. You need to create an ACL to prohibit your own networks from entering
any outside router interfaces.
1) Create an ACL to deny your network as the source:
access-list 100 deny ip 64.8.0.0 0.0.0.255 any
access-list 100 permit ip any any
2) Apply it to an *external* router interface with keyword "in".
interface Serial0
ip access-group 100 in
3) Check to see what it's catching:
Border# sh ip access 100
Optimally this is best done upstream so you're not having to pay for dropped
packets on the metered side of a link.
Mike
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Rob Keown: "RE: What am I seeing?"
- In reply to: jkruser: "RE: What am I seeing?"
- Next in thread: Valdis.Kletnieks@vt.edu: "Re: What am I seeing?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
