On Sat, 6 Jun 1998, Jon Lewis wrote:
> Jun 6 01:00:31 deathstar-ether 1793: %SEC-6-IPACCESSLOGP: list 113 denied
> udp 192.168.1.2(0) -> 207.30.16.10(0), 3 packets
> Jun 6 11:09:02 deathstar-ether 1794: %SEC-6-IPACCESSLOGP: list 113 denied
> udp 192.168.0.1(0) -> 205.229.54.144(0), 6 packets
> Jun 6 11:15:02 deathstar-ether 1795: %SEC-6-IPACCESSLOGP: list 113 denied
> udp 192.168.1.2(0) -> 205.245.11.10(0), 2 packets
>
> Is anyone else seeing lots of denied packets with port 0 on the dst and
> src? This looks like some sort of attack. The ones above were denied
> based on ingress filering (192.168/16 address are invalid for this port),
> but I've gotten reports from customers that they're seeing similar things
> with valid addresses and can't see how their access-lists are denying the
> packets unless it's just because the ports are invalid.
I think that if you only had a deny udp without specifying any ports
then the log entry will only show 0 for the port number. One way to
get the port number printed is to code 'deny udp any range 1 65635'
Quan,
----------------Quan Nguyen-------------McGill UNIVERSITY---------------
-o Voice (514)398-3709 Computing Center (Burnside Hall)
()/// FAX (514)398-6876 805 Sherbrooke St West, Rm 222
quan@CC.McGill.CA Montreal, Quebec H3A 2K6
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:14 EDT