Re: What am I seeing?

From: Mike Lewinski (mikeat_private)
Date: Tue Oct 23 2001 - 09:15:39 PDT

    > problem is...looks like, to me, that it is not coming from outside...thus
    > the ingress filtering will not stop it. Or am I missing something?

    Yes. You need to create an ACL to prohibit your own networks from entering
    any outside router interfaces.

    1) Create an ACL to deny your network as the source:

        access-list 100 deny ip <your-network> <wildcard-mask> any
        access-list 100 permit ip any any

    2) Apply it to an *external* router interface with keyword "in".

        interface Serial0
         ip access-group 100 in

    3) Check to see what it's catching:

        Border# sh ip access 100

    Optimally this is best done upstream so you're not having to pay for dropped
    packets on the metered side of a link.
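
Added example, not part of the original message: a Python sketch that renders the step 1 ACL for a list of internal prefixes (computing the IOS wildcard masks) and replays first-match evaluation on source addresses seen inbound on the external interface. The prefixes are documentation ranges standing in for "your network", and the function names are assumptions made for this illustration.

```python
import ipaddress

def build_acl(acl_id, internal_prefixes):
    """Render the deny-own-networks ACL from the post for each internal prefix."""
    lines = []
    for prefix in internal_prefixes:
        # strict=True rejects prefixes with host bits set (e.g. 192.0.2.5/24)
        net = ipaddress.ip_network(prefix, strict=True)
        # IOS wildcard mask is the inverse of the netmask (the "hostmask")
        lines.append(f"access-list {acl_id} deny ip "
                     f"{net.network_address} {net.hostmask} any")
    lines.append(f"access-list {acl_id} permit ip any any")
    return lines

def evaluate(acl_lines, src):
    """First-match evaluation on the source address; implicit deny at the end."""
    addr = int(ipaddress.ip_address(src))
    for line in acl_lines:
        fields = line.split()
        action, source = fields[2], fields[4]
        if source == "any":
            return action
        base = int(ipaddress.ip_address(source))
        care = ~int(ipaddress.ip_address(fields[5])) & 0xFFFFFFFF
        # Bits set in the wildcard are "don't care"; compare only the rest
        if addr & care == base & care:
            return action
    return "deny"

# Constructed sample: internal networks (documentation ranges, assumed)
INTERNAL = ["192.0.2.0/24", "198.51.100.128/25"]

# Constructed sample: source addresses of packets arriving from outside
INBOUND_SOURCES = ["192.0.2.77", "198.51.100.200", "198.51.100.5", "203.0.113.9"]

if __name__ == "__main__":
    acl = build_acl(100, INTERNAL)
    print("\n".join(acl))
    for src in INBOUND_SOURCES:
        print(f"{src:<16} -> {evaluate(acl, src)}")
```

A packet that arrives on the outside interface carrying one of your own addresses as its source matches a deny line; everything else falls through to the final permit.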