[nsp] denied tcp 192.192.1.202(0) -> 192.224.164.70(0)

pankaj pankaj@worldgatein.net
Sat, 10 Aug 2002 20:37:25 +0530


Thanks Reinhold

Its ok, now leave the port issue.
This packet has been denied because of the access list (only allow the
ips-private which I assigned to or I assigned to my
customer-serial1/1)
Now questions?
WhileI am getting this (serial0/1 *PPP*) on another routers log.
Aug  5 19:54:29 router2 51596: 9w3d: %SEC-6-IPACCESSLOGP: list 100
denied udp 192.168.1.112(7077) (Serial0/1 *PPP*) -> 10.10.10.23(53), 1
packet

Why I am not getting Serial port number in this logs??
> > Aug  9 20:16:21 router1 35465: Aug  9 20:37:29.731:
> > %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.4.55 ->
> > 204.152.190.70 (0/0), 1 packet
> >
> > Aug  9 20:15:48 router1 35459: Aug  9 20:36:56.243:
> > %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.192.1.202(0) ->
> > 192.224.164.70(0), 1 packet

Second question is I want to trace why this packets coming to me or I
want to find out what excatly this packet is , I mean how can I help
my customer to trace why this is happening, Cause before yesterday  it
was normal and since from yesterday only this is happenning.
Fot the time being I told him to shutdown that machine, and its stop
coming obviously.
But I am eager to trace is the broadcast packet, or because of virus
like codered, nimda ...etc.


--pankaj




----- Original Message -----
From: "Reinhold Fischer" <rfischer@flexnetworks.de>
To: "pankaj" <pankaj@worldgatein.net>
Cc: <cisco-nsp@puck.nether.net>
Sent: Friday, August 09, 2002 9:23 PM
Subject: Re: [nsp] denied tcp 192.192.1.202(0) -> 192.224.164.70(0)


> pankaj,
>
> if your accesslist line specifies the ports then the ports get
> also listed in the log entry. In your case the accesslist line does
> probably not specify the port to match at, thats why IOS is not
> reading 'deep enough' into the packet and is not able to tell you
> the tcp port of the packet ...
>
> regards
>
> reinhold
>
> On Fri, 9 Aug 2002, pankaj wrote:
>
> > Hi all,
> >
> > Aug  9 20:16:21 router1 35465: Aug  9 20:37:29.731:
> > %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.4.55 ->
> > 204.152.190.70 (0/0), 1 packet
> >
> > Aug  9 20:15:48 router1 35459: Aug  9 20:36:56.243:
> > %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.192.1.202(0) ->
> > 192.224.164.70(0), 1 packet
> >
> >
> > My access list denied this packets what does it mean , is this
> > broadcast packet?
> > is (0) means which port does it indicate?
> >
> >
> > Thanks
> > pankaj
> >
> > _______________________________________________
> > cisco-nsp mailing list  real_name)s@puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>