If you establish ACLs following the recommendations in the Cisco advisory,
and enable logging, you will see things like:
Jul 18 15:45:29 mymachine.example.com 16109: Jul 18 15:45:28.060: %SEC-6-IPACCESSLOGNP: list 125 denied 55 abc.abc.abc.abc (POS4/1 ) -> 130.59.104.116, 1 packet
Jul 18 15:45:32 mymachine.example.com 16110: Jul 18 15:45:31.200: %SEC-6-IPACCESSLOGNP: list 125 denied 77 def.def.def.def (POS4/1 ) -> 160.85.191.121, 1 packet
Jul 18 15:45:36 mymachine.example.com 16111: Jul 18 15:45:35.788: %SEC-6-IPACCESSLOGNP: list 125 denied 53 ghi.ghi.ghi.ghi (POS4/1 ) -> 130.59.17.29, 1 packet
Jul 18 15:45:42 mymachine.example.com 16113: Jul 18 15:45:41.636: %SEC-6-IPACCESSLOGNP: list 125 denied 53 jkl.jkl.jkl.jkl (POS4/1 ) -> 130.59.16.28, 1 packet
Jul 18 15:45:49 swiCE3.switch.ch 16114: Jul 18 15:45:48.632: %SEC-6-IPACCESSLOGNP: list 125 denied 77
cheers -- tbird
--
A computer lets you make more mistakes faster than any invention in human
history - with the possible exception of handguns and tequila.
-- Mitch Ratliff
http://www.precision-guesswork.com
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
tbird's Security Alerts http://securecomputing.stanford.edu/alert.html
_______________________________________________
LogAnalysis mailing list
LogAnalysis@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 12:47:12 PDT
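
The following Python example is added here and is not part of the original post: it rejoins syslog records that mail wrapping split across lines, parses the %SEC-6-IPACCESSLOGNP entries, and totals packets per IP protocol number and source, setting aside any entry it cannot parse, such as the truncated last one. The function names and the regular expressions are assumptions based only on the log lines shown in the post.

```python
import re
from collections import Counter

# Entries from the post, wrapped the way e-mail wraps long syslog records; the last is cut short.
SAMPLE = """\
Jul 18 15:45:29 mymachine.example.com 16109: Jul 18 15:45:28.060:
%SEC-6-IPACCESSLOGNP: list 125 denied 55 abc.abc.abc.abc (POS4/1 ) ->
130.59.104.116, 1 packet
Jul 18 15:45:32 mymachine.example.com 16110: Jul 18 15:45:31.200:
%SEC-6-IPACCESSLOGNP: list 125 denied 77 def.def.def.def (POS4/1 ) ->
160.85.191.121, 1 packet
Jul 18 15:45:36 mymachine.example.com 16111: Jul 18 15:45:35.788:
%SEC-6-IPACCESSLOGNP: list 125 denied 53 ghi.ghi.ghi.ghi (POS4/1 ) ->
130.59.17.29, 1 packet
Jul 18 15:45:42 mymachine.example.com 16113: Jul 18 15:45:41.636:
%SEC-6-IPACCESSLOGNP: list 125 denied 53 jkl.jkl.jkl.jkl (POS4/1 ) ->
130.59.16.28, 1 packet
Jul 18 15:45:49 swiCE3.switch.ch 16114: Jul 18 15:45:48.632:
%SEC-6-IPACCESSLOGNP: list 125 denied 77
"""

# A record begins with the syslog host's timestamp; any other line is a continuation.
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"%SEC-6-IPACCESSLOGNP: list (\S+) (denied|permitted) (?P<proto>\d+) "
                   r"(?P<src>\S+)\s*(?:\([^)]*\))?\s*-> (?P<dst>[^,\s]+), (?P<count>\d+) packet")

def unwrap(text):
    """Rejoin records that were wrapped across several lines."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return (packets per (protocol number, source), records that did not parse)."""
    hits, unparsed = Counter(), []
    for record in unwrap(text):
        m = ENTRY.search(record)
        if m is None:  # truncated or unrelated record: keep it for review, never guess fields
            unparsed.append(record)
            continue
        hits[(int(m["proto"]), m["src"])] += int(m["count"])
    return hits, unparsed

if __name__ == "__main__":
    print(summarize(SAMPLE))
```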