[c-nsp] something a little different rfc1918 from transit networks?
Drew Weaver
drew.weaver at thenap.com
Tue Nov 13 09:45:56 EST 2007
SLOT 6:Nov 12 17:10:36.121 EST: %SEC-6-IPACCESSLOGP: list 175 denied tcp 192.168
.1.2(0) (GigabitEthernet2 ) -> ip.add.re.ss(0), 1 packet
SLOT 10:Nov 12 17:10:39.841 EST: %SEC-6-IPACCESSLOGP: list 175 denied tcp 192.16
8.1.2(0) (GigabitEthernet0 ) -> ip.add.re.ss(0), 1 packet
This is the first time I can say I've ever seen this, I'm assuming its spoofed but I'm not going to rule anything out here.
Lets say that slot 6/2 is connected to one transit carrier and slot 10/0 is connected to another transit carrier (which is the case)
I'm trying to figure out if those 192.168.1.2 packets that my ACL 175 are denying are actually SRC'd from 192.168.1.2 or they're spoofed, is there anyway to know that for sure?
Any thoughts or advice?
Thanks,
-Drew
More information about the cisco-nsp
mailing list