If I understand right, you want to drop these packets without the firewall seeing the packets coming from the router.  You can route all traffic coming from your hacked box to the loopback interface on your router which essentially drops the packets into the bit bucket.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Carpenter
Sent: Monday, March 25, 2002 4:10 PM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: Packet blocking

I have an ACL on my router to block outgoing packets destined to other machines' port 22. Yes, I did mean outgoing. We have a hacked machine we are trying to recover who is doing random port scans. The problem is that the denials on the router are causing our firewall (Netmax) to overflow its buffers and shut down. I am assuming that it is sending ICMP packs back (NDRs) and that is why it is falling all over itself. Can I get the router (2524) to simply drop the packets, without notifying the firewall that anything is not getting through??

Here is the exact ACL I implemented on the outbound port:

access-list 165 deny tcp any eq 22 any log
access-list 165 deny tcp any eq 513 any log
access-list 165 deny tcp any eq 514 any log
access-list 165 deny tcp any eq 2002 any log
access-list 165 deny tcp any eq 3035 any log
access-list 165 deny tcp any any eq 22 log
access-list 165 deny tcp any any eq 513 log
access-list 165 deny tcp any any eq 514 log
access-list 165 permit tcp any any

Matthew Carpenter, MCP, CNA, A+
Network Engineer and Exchange Administrator
SARMA
1801 Broadway
San Antonio, TX 78215
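As an added illustration (an editor's example, not from either message in the thread), this is how the quoted access-list 165 would be bound to the outbound interface of a Cisco IOS router such as the 2524, with the `no ip unreachables` interface command used to stop the router from answering denied packets with ICMP unreachables. Interface names and addresses are assumptions.

```cisco
! Added illustration, not from either message in the thread.
! Interface names and addresses are assumptions; access-list 165 is the
! list quoted above and is assumed to be configured already.

! Inside interface: traffic from the compromised host enters here.
! ICMP unreachables for ACL-denied packets are sent back toward the
! sender on this interface, so suppressing them here keeps the drops
! silent and spares the Netmax firewall the flood of ICMP responses.
interface Ethernet0
 description LAN side, toward the Netmax firewall (assumed)
 ip address 192.168.1.1 255.255.255.0
 no ip unreachables

! Outside interface: the quoted ACL is applied to outbound traffic here.
! Suppressing unreachables here as well covers packets denied in the
! other direction.
interface Serial0
 description Internet uplink (assumed)
 ip address 192.0.2.2 255.255.255.252
 ip access-group 165 out
 no ip unreachables

! Caveat: the quoted list ends with "permit tcp any any", and every IOS
! access list has an implicit deny at the end, so all non-TCP traffic
! (UDP, ICMP) is dropped too. If that is not intended, add a final:
access-list 165 permit ip any any
```

The `log` keyword on each deny line still records the drops on the router itself (CPU cost of logging aside), so the scans remain visible without any ICMP traffic reaching the firewall.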

 
