[nsp] Receive Access-Lists
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Jul 13 02:55:59 EDT 2004
> I put rACLs on GSRs and I see a lot of deny traffic on tcp ports 2745
> and 1025 from random IPs
>
> 1025/tcp blackjack network blackjack
>
> 2745/tcp urbisnet URBISNET
>
> Can anybody knows why this i happening and why this ports need to
> processed by the CPU?
Well, this just looks like some Worm is trying to use a W32.Beagle
backdoor on your GSR or someone is trying to exploit one of the Windows
vulnerabilities :)
The fact that the packet hits the rACL doesn't mean that the CPU is
prepared to process traffic on this port. The LC is not aware of any L4
information, it sends (almost) everything destined to the router's IP
address to the RP.
oli
More information about the cisco-nsp
mailing list