Charles Steinkuehler wrote:
Regarding silent deny's...you can block the whole
224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry.
That catches IGMP, IGRP, EIGRP, and probably others. As you'd
expect, this is in the same reduce my log noise section of
Michael D. Schleif wrote:
However, how do I silently deny anything from any source that is
destined for 255.255.255.255 ???
Since ATT Broadband moved me to the new network, I am flooded with this
crap:
PROTO=17 12.242.20.50:67 255.255.255.255:68
What do you think?
That's the
Michael:
I'm sure it's possible with SILENT_DENY, I just
don't use it. Charles will be able to provide details,
no doubt.
Here's the relevant portion from the echoWall
rules file. Hope it helps!
-Scott
# -- next, block reserved-address traffic, a-la CIAC alert K-032
# --
Regarding silent deny's...you can block the whole
224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry.
That catches IGMP, IGRP, EIGRP, and probably others. As you'd
expect, this is in the same reduce my log noise section of
echowall.rules.
And, what is the best way
We just connected Dachstein-CD to a T-1 via Sangoma panpipe pci card.
We are receiving a plethora of these:
kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x T=2 (#39)
Yes, we know that protocol 88 is EIGRP.
No, Ethernet
[SMTP:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 4:09 PM
To: LEAF
Subject:[Leaf-user] EIGRP (88) protocol ???
We just connected Dachstein-CD to a T-1 via Sangoma panpipe pci card.
We are receiving a plethora of these:
kernel: Packet log: input DENY wan PROTO=88 x.y.z.158
kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x T=2 (#39)
Yes, we know that protocol 88 is EIGRP.
No, Ethernet http://www.echogent.com/cgi-bin/fwlog.pl does not
recognize this.
[1] Does this represent a problem? Or, is this a
Charles, thank you!
Charles Steinkuehler wrote:
kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x T=2 (#39)
Yes, we know that protocol 88 is EIGRP.
No, Ethernet http://www.echogent.com/cgi-bin/fwlog.pl does not
recognize this.
Michael:
Heya. Thanks for the packet log, am updating fwlog.pl
to include an awareness of protocol 88. It knew about regular
IGRP (IP protocol 9) but not this one. :)
Regarding silent deny's...you can block the whole
224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry.
Scott C. Best wrote:
Heya. Thanks for the packet log, am updating fwlog.pl
to include an awareness of protocol 88. It knew about regular
IGRP (IP protocol 9) but not this one. :)
Regarding silent deny's...you can block the whole
224.0.0.0/4 range (RFC-1112 Class-D
10 matches
Mail list logo