[nsp] access-list log entry question
Bulger, Tim
TBulger@ea.com
Fri, 6 Dec 2002 03:01:07 -0800
The 255 refers to the IP protocol ID, (tcp=6, udp=17, etc.)... You
normally only see this with unusual IDs like IP/IP and GRE. 255 is a
mystery to me though.
-----Original Message-----
From: Greg Pendergrass [mailto:greg@band-x.com]
Sent: Thursday, December 05, 2002 10:42 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] access-list log entry question
I got this log entry on a 7513:
Dec 5 16:46:58.996 EST: %SEC-6-IPACCESSLOGNP: list monitor-IP permitted
255
x.x.x.x -> y.y.y.y, 493066 packets
I put an access list on an interface to monitor the traffic from a
customer,
a simple permit ip any any log, and I got this entry today. What does
the
255 mean? Some lines have tcp, some have udp, some have icmp, but not
255. I
suspect it's some sort of dDOS traffic, can anyone confirm that?
Thanks,
Greg
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/