On Fri, 28 Jul 2000, Anthony Burow wrote:
[SNIP]
>
> If you want to see what is happening on your ACLs in such a way that you
> can debug them, then change your final
> deny statement to include the log command:
>
> access-list 110 deny ip any any log
>
> If you are telnetting to the router you will need to issue a "term mon"
> command so that the output is shown
> on the telnet session. Otherwise if you are on the console the output will
> be there.
>
> Some FTP clients use port 21 as the source; that's why you got through with
> those clients. It is likely that those clients are
> running in passive mode.
>
What can I expect to see in such log output then? Would this be a lot of
RSTs to the initial FTP SYNs?
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
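
Added example, not part of the original thread: a small Python parser that totals denied flows from the messages a `log` keyword on an extended ACL typically produces. The sample lines are constructed in the IOS `%SEC-6-IPACCESSLOGP` format, and the function names and the FTP port heuristic (standard ports 20/21) are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP format (not real traffic).
SAMPLE_LOG = """\
*Jul 28 10:01:02: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.0.2.10(20) -> 10.1.1.5(1043), 1 packet
*Jul 28 10:01:05: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.0.2.10(20) -> 10.1.1.5(1043), 3 packets
*Jul 28 10:02:11: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.1.1.7(1025) -> 198.51.100.53(53), 1 packet
*Jul 28 10:03:40: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.1.1.5(1044) -> 192.0.2.10(49152), 2 packets
*Jul 28 10:04:00: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Yield one dict per ACL log line; unrelated syslog lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entry = m.groupdict()
            for key in ("sport", "dport", "count"):
                entry[key] = int(entry[key])
            yield entry

def summarize_denies(text, acl="110"):
    """Total denied packets per (proto, src, sport, dst, dport) for one ACL."""
    totals = Counter()
    for e in parse_acl_log(text):
        if e["acl"] == acl and e["action"] == "denied":
            totals[(e["proto"], e["src"], e["sport"], e["dst"], e["dport"])] += e["count"]
    return totals

def ftp_hint(flow):
    """Heuristic label for FTP debugging (assumes standard ports 20/21)."""
    proto, _src, sport, _dst, dport = flow
    if proto != "tcp":
        return "not ftp"
    if dport == 21:
        return "ftp control"
    if sport == 20:
        return "active-mode data (server port 20 to client)"
    if sport >= 1024 and dport >= 1024:
        return "possible passive-mode data"
    return "other tcp"

if __name__ == "__main__":
    for flow, pkts in summarize_denies(SAMPLE_LOG).most_common():
        print(pkts, flow, ftp_hint(flow))
```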