[logs] Logs from Cisco DoS

From: Tina Bird (tbird@precision-guesswork.com)
Date: Fri Jul 18 2003 - 12:33:10 PDT

    If you establish ACLs following the recommendations in the Cisco advisory,
    and enable logging, you will see things like:
    
    Jul 18 15:45:29 mymachine.example.com 16109: Jul 18 15:45:28.060:
    %SEC-6-IPACCESSLOGNP: list 125 denied 55 abc.abc.abc.abc (POS4/1 ) ->
    130.59.104.116, 1 packet
    Jul 18 15:45:32 mymachine.example.com 16110: Jul 18 15:45:31.200:
    %SEC-6-IPACCESSLOGNP: list 125 denied 77 def.def.def.def (POS4/1 ) ->
    160.85.191.121, 1 packet
    Jul 18 15:45:36 mymachine.example.com 16111: Jul 18 15:45:35.788:
    %SEC-6-IPACCESSLOGNP: list 125 denied 53 ghi.ghi.ghi.ghi (POS4/1 ) ->
    130.59.17.29, 1 packet
    Jul 18 15:45:42 mymachine.example.com 16113: Jul 18 15:45:41.636:
    %SEC-6-IPACCESSLOGNP: list 125 denied 53 jkl.jkl.jkl.jkl (POS4/1 ) ->
    130.59.16.28, 1 packet
    Jul 18 15:45:49 swiCE3.switch.ch 16114: Jul 18 15:45:48.632:
    %SEC-6-IPACCESSLOGNP: list 125 denied 77
    
    cheers -- tbird
    
    --
    A computer lets you make more mistakes faster than any invention in human
    history - with the possible exception of handguns and tequila.
    
                                     -- Mitch Ratliff
    
    http://www.precision-guesswork.com
    Log Analysis http://www.loganalysis.org
    VPN http://vpn.shmoo.com
    tbird's Security Alerts http://securecomputing.stanford.edu/alert.html
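
An added example, not part of the original post: a parser for the wrapped %SEC-6-IPACCESSLOGNP layout shown above that totals denied packets per IP protocol number and per source, and counts records that were cut short. The sample log is constructed with documentation addresses, and the watched set (53, 55, 77) is an assumption taken from the protocol numbers in the post's lines; adjust it to match your ACL.

```python
import re
from collections import Counter

# Constructed sample in the wrapped layout of the post; addresses are
# documentation ranges. The last record is cut short, as in the post.
SAMPLE = """\
Jul 18 15:45:29 mymachine.example.com 16109: Jul 18 15:45:28.060:
%SEC-6-IPACCESSLOGNP: list 125 denied 55 192.0.2.10 (POS4/1 ) ->
198.51.100.116, 1 packet
Jul 18 15:45:32 mymachine.example.com 16110: Jul 18 15:45:31.200:
%SEC-6-IPACCESSLOGNP: list 125 denied 77 192.0.2.11 (POS4/1 ) ->
198.51.100.121, 1 packet
Jul 18 15:45:36 mymachine.example.com 16111: Jul 18 15:45:35.788:
%SEC-6-IPACCESSLOGNP: list 125 denied 53 192.0.2.10 (POS4/1 ) ->
198.51.100.29, 3 packets
Jul 18 15:45:42 mymachine.example.com 16113: Jul 18 15:45:41.636:
%SEC-6-IPACCESSLOGNP: list 125 denied 47 192.0.2.12 (POS4/1 ) ->
198.51.100.28, 1 packet
Jul 18 15:45:49 mymachine.example.com 16114: Jul 18 15:45:48.632:
%SEC-6-IPACCESSLOGNP: list 125 denied 77
"""

TAG = "%SEC-6-IPACCESSLOGNP:"
RECORD = re.compile(
    re.escape(TAG) + r" list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\d+) (?P<src>\S+) (?:\((?P<iface>[^)]*)\) )?-> "
    r"(?P<dst>[^,\s]+), (?P<count>\d+) packets?")
WATCHED = frozenset({53, 55, 77})  # assumption: protocols seen in the post

def parse(text):
    """Return (complete records, number of cut-short records)."""
    flat = " ".join(text.split())  # undo the line wrapping
    hits = [m.groupdict() for m in RECORD.finditer(flat)]
    return hits, flat.count(TAG) - len(hits)

def summarize(text, watched=WATCHED):
    """Packet totals per protocol and per source for watched denies."""
    hits, cut = parse(text)
    by_proto, by_src = Counter(), Counter()
    for h in hits:
        if h["action"] == "denied" and int(h["proto"]) in watched:
            by_proto[int(h["proto"])] += int(h["count"])
            by_src[h["src"]] += int(h["count"])
    return by_proto, by_src, cut

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero cut-short count means the summary undercounts, so check the syslog transport or archive for truncation before relying on the totals.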
    