[c-nsp] Filtering TCP NULL packets

Jim Devane jdevane at nevadanap.com
Mon Jul 23 10:19:30 EDT 2007

Previous message: [c-nsp] Ignoring / limiting 239.255/16
Next message: [c-nsp] Filtering TCP NULL packets
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,
 
    I am seeing a large increase in TCP NULL packets over our network. I
am looking for suggestions on effective ways to block this traffic.
I have considered ACL'ing something like this:
 
ip access-list extended test
 deny   tcp any any match-all -ack -fin -psh -rst -syn -urg
 permit ip any any
 
What other methods might be more effective?
 
thanks,
jim

Previous message: [c-nsp] Ignoring / limiting 239.255/16
Next message: [c-nsp] Filtering TCP NULL packets
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the cisco-nsp mailing list