I have an ACL on my router to block outgoing packets destined to other machines' port 22. Yes, I did mean outgoing. We have a hacked machine we are trying to recover which is doing random port scans. The problem is that the denials on the router are causing our firewall (Netmax) to overflow its buffers and shut down. I am assuming that it is sending ICMP packets back (NDRs) and that is why it is falling all over itself. Can I get the router (2524) to simply drop the packets, without notifying the firewall that anything is not getting through?
Here is the exact ACL I implemented on the outbound port:

access-list 165 deny tcp any eq 22 any log
access-list 165 deny tcp any eq 513 any log
access-list 165 deny tcp any eq 514 any log
access-list 165 deny tcp any eq 2002 any log
access-list 165 deny tcp any eq 3035 any log
access-list 165 deny tcp any any eq 22 log
access-list 165 deny tcp any any eq 513 log
access-list 165 deny tcp any any eq 514 log
access-list 165 permit tcp any any
Matthew
Carpenter, MCP, CNA, A+
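The silent drop the poster asks about, as an added illustration that is not configuration from the original post or its follow-ups: on Cisco IOS a packet denied by an interface ACL is answered with an ICMP unreachable (administratively prohibited) unless `no ip unreachables` is set on that interface. The interface name Serial0 is assumed, since the post does not name the outbound port.

```cisco
! Added example, not the poster's running config. The ACL entries are the
! ones posted, laid out one per line; the interface name is assumed.
access-list 165 deny   tcp any eq 22 any log
access-list 165 deny   tcp any eq 513 any log
access-list 165 deny   tcp any eq 514 any log
access-list 165 deny   tcp any eq 2002 any log
access-list 165 deny   tcp any eq 3035 any log
access-list 165 deny   tcp any any eq 22 log
access-list 165 deny   tcp any any eq 513 log
access-list 165 deny   tcp any any eq 514 log
access-list 165 permit tcp any any
!
interface Serial0
 ! Apply the list in the outbound direction, as the poster did.
 ip access-group 165 out
 ! Suppress the ICMP unreachable the router would otherwise send back
 ! toward the source for every denied packet; the deny is still logged
 ! on the router by the "log" keyword, so visibility of the scanning
 ! host is kept while the firewall no longer sees the ICMP replies.
 no ip unreachables
```

The `log` entries are still generated for each denied packet, so the router's own logging, rather than the firewall, remains the place to watch the compromised host's scan activity.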
