Also, you may want to take a look at
http://www.cisco.com/warp/public/707/21.html and see if any of these
recommendations help you.
Jaime
At 11:26 AM 02/09/2001 -0500, Eric Rozon wrote:
>Hello All,
>This morning we got hit by ICMP requests coming from 10.1.1.169. Below is
>a line from our logs:
>02/09/01 10:04 firewalld[90]: deny in eth0 56 icmp 20 254 10.1.1.169
>x.x.x.x 1 (blocked site)
>(Where x.x.x.x is our firewall). Our connection became slow.
>
>My question is: Is there a way to trace this abusive person, this being a
>private net?
>I suspect that there isn't a way. I hope that I can be corrected.
>
>Sorry if this is a newbie question. Thanks in advance for your replies.
>
>
>Eric
>
>PS: We've just included on the internet-facing interface of our routers
>the following filters to prevent this in the future:
> access-list 101 deny ip 10.0.0.0 0.255.255.255 any
> access-list 101 deny ip 172.16.0.0 0.0.255.255 any
> - [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
Jaime M. Rita, CISSP, CCNA - Manager
Applications and IP Services Group, GCOE Solutions Design Team
CA/SP Global Delivery & Solutions, Cisco Systems, Inc.
Page: 800-365-4578 / Cell: 850-572-5346 / eFax: 734-423-0553
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
