[nsp] funny IPACCESSLOGS log output
Gert Doering
gert at greenie.muc.de
Wed Feb 5 12:22:31 EST 2003
Hi,
one of our routers started yesterday to log access-list violations
in a funny format:
Feb 4 02:26:41 cisco 2094124: %SEC-6-IPACCESSLOGS: list 110 denied 195.30.6.0 81 packets
Feb 4 02:31:42 cisco 2094133: %SEC-6-IPACCESSLOGS: list 110 denied 195.30.6.0 239 packets
I'm kind of confused where this is coming from - the access-list 110 is
logging only with "log-input" statements (or not logging at all for
certain deny clauses), but the output above is obviously not containing
a source interface / source MAC address.
>From the counters and the address, it could be one of those lines:
deny ip 195.30.0.0 0.0.255.255 any log-input (44533 matches)
(anti-spoofing)
deny ip any 195.30.0.0 0.0.255.0 log-input (603468 matches)
(anti-smurfing)
Hmmm?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the cisco-nsp
mailing list