Re: What am I seeing?

From: Mike Lewinski (mikeat_private)
Date: Tue Oct 23 2001 - 09:15:39 PDT

Next message: Mordechai Ovits: "Re: /BurstingScript/WriteParametersPipe.asp"

Previous message: jkruser: "RE: What am I seeing?"
In reply to: jkruser: "RE: What am I seeing?"
Next in thread: Richard.Smithat_private: "Re: What am I seeing?"
Next in thread: Valdis.Kletnieksat_private: "Re: What am I seeing?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> problem is...looks like, to me, that it is not coming from outside...thus
> the ingress filtering will not stop it. Or am I missing something?

Yes. You need to create an ACL to prohibit your own networks from entering
any outside router interfaces.

1) Create an ACL to deny your network as the source:

access-list 100 deny ip 64.8.0.0 0.0.0.255 any
access-list 100 permit ip any any

2) Apply it to an *external* router interface with keyword "in".

interface Serial0
ip access-group 100 in

3) Check to see what it's catching:

Border# sh ip access 100


Optimally this is best done upstream so you're not having to pay for dropped
packets on the metered side of a link.

Mike



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Mordechai Ovits: "Re: /BurstingScript/WriteParametersPipe.asp"
Previous message: jkruser: "RE: What am I seeing?"
In reply to: jkruser: "RE: What am I seeing?"
Next in thread: Richard.Smithat_private: "Re: What am I seeing?"
Next in thread: Valdis.Kletnieksat_private: "Re: What am I seeing?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 10:02:00 PDT