From: Deepesh Chouhan (deepesh@cisco.com)
Date: Fri Apr 11 2003 - 13:20:13 GMT-3
Hi
How about
inter e1/0
....
ip accounting access-violations
ip access 101 in
....
acc 101 deny icmp any any
<snip from UniverCD>
Our IP accounting support also provides information identifying IP traffic
that fails IP access lists. Identifying IP source addresses that violate IP
access lists alerts you to possible attempts to breach security. The data
also indicates that you should verify IP access list configurations. To make
this feature available to users, you must enable IP accounting of access
list violations using the ip accounting access-violations command. Users can
then display the number of bytes and packets from a single source that
attempted to breach security against the access list for the source
destination pair. By default, IP accounting displays the number of packets
that have passed access lists and were routed.
<snip>
Link
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c
/ipcprt1/1cdip.htm#1001684
Thanks
Deepesh
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Donny MATEO
> Sent: Thursday, April 10, 2003 6:20 PM
> To: wsqccie@hotnail.com
> Cc: ccielab@groupstudy.com; nobody@groupstudy.com
> Subject: Re: icmp accpunting issue
>
>
> How about deny ip any any log at the bottom of your access-list ?
>
> Regards,
> Donny
>
>
>
>
> "wsqccie@hotnail.
>
> com" <wsqccie To:
> <ccielab@groupstudy.com>
>
> Sent by: cc:
>
> nobody@groupstudy Subject: icmp
> accpunting issue
> .com
>
>
>
>
>
> 10-04-2003 18:17
>
> Please respond to
>
> "wsqccie@hotnail.
>
> com"
>
>
>
>
>
>
>
>
>
> I find my router are attacked with icmp from lan, how can I know
> who do this and record this log?
>
> Regards!
> Stone
>
>
>
>
>
> This message is for information purposes only and its content
> should not be construed as an offer, or solicitation of an offer,
> to buy or sell any banking or financial instruments or services
> and no representation or warranty is given in respect of its
> accuracy, completeness or fairness. The material is subject
> to change without notice. You should take your own independent
> tax, legal and other professional advice in respect of the content
> of this message. This message may contain confidential or
> legally privileged material and may not be copied, redistributed
> or published (in whole or in part) without our prior written consent.
> This email may have been intercepted, partially destroyed,
> arrive late, incomplete or contain viruses and no liability is
> accepted by any member of the Credit Agricole Indosuez group
> as a result. If you are not the intended recipient of this message,
> please immediately notify the sender and delete this message
> from your computer.
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:51 GMT-3