Anti Spoofing ACLS [7:10123]

Wed, 27 Jun 2001 10:46:44 -0700 

hello all,

i was trying to play around with anti-spoofing ACLS on one of our test
routers connected to our upstream ISP ... i logged the denials of the
anti-spoofing acls and i saw a whole of bunch of info but i am @ a loss as
to what is happening in some cases ... this is what i applied:

access-list 110 permit ip a.b.c.0 0.0.0.255 any
access-list 110 deny ip any any log-input
int ser1/1
ip access-group 110 out


[my net ips are a.b.c/24]

Jun 27 02:23:43 a.b.c.1 2501:6w5d: %SEC-6-IPACCESSLOGP: list 110 denied tcp
192.168.0.5(0) (FastEthernet0/1 MAC ADDR) -> 209.50.251.85(0), 1 packet
Jun 27 02:23:48 a.b.c.1 2502: 6w5d: %SEC-6-IPACCESSLOGP: list 110 denied tcp
192.168.0.10(0) (FastEthernet0/1 MAC ADDR) -> 204.71.177.23(0), 1 packet
Jun 27 02:25:58 a.b.c.1 2505: 6w5d: %SEC-6-IPACCESSLOGP: list 110 denied tcp
192.168.0.12(0) (FastEthernet0/1 MAC ADDR) -> 64.124.42.135(0), 2 packets

--> in this case i guess someone behind my fastethernet 0/1 is trying to
send packets from RFC1918 addr to 209.50.251.85, 204.71.177.23 &
64.124.42.135 respectively ... Am i right ??? what is the (0) stand for -
port # ???

Jun 27 02:14:23 a.b.c.1 2474: 6w5d: %SEC-6-IPACCESSLOGP: list 110 denied udp
202.163.101.37(0) (Serial1/1 *HDLC*) -> 195.229.12.128(0), 1 packet
Jun 27 02:14:24 a.b.c.1 2475: 6w5d: %SEC-6-IPACCESSLOGP: list 110 denied udp
202.163.101.37(0) (Serial1/1 *HDLC*) -> a.b.c.145(0), 1 packet
Jun 27 02:14:25 a.b.c.1 2476: 6w5d: %SEC-6-IPACCESSLOGP: list 110 denied udp
202.163.101.37(0) (Serial1/1 *HDLC*) -> a.b.c.163(0), 1 packet

what do these mean ??? is it that someone from 202.163.101.37 is scanning my
block ??? but how do these show up shouldn't they show up when i apply an
ACL inbound on the ser 1/1 ???

any explanations will be appreciated ... 

thanks !
--
Derek






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10123&t=10123
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to