From: wsqccie@hotnail.com
Date: Sat Apr 12 2003 - 10:57:00 GMT-3
I think it is OK.
----- Original Message -----
From: "Deepesh Chouhan" <deepesh@cisco.com>
To: "Donny MATEO" <donny.mateo@sg.ca-indosuez.com>; "wsqccie@hotnail.com" <wsqccie@hotmail.com>
Cc: <ccielab@groupstudy.com>; <nobody@groupstudy.com>
Sent: Saturday, April 12, 2003 12:20 AM
Subject: RE: icmp accpunting issue
> Hi
>
> How about
>
> inter e1/0
> ....
> ip accounting access-violations
> ip access 101 in
> ....
>
> acc 101 deny icmp any any
>
> <snip from UniverCD>
> Our IP accounting support also provides information identifying IP traffic
> that fails IP access lists. Identifying IP source addresses that violate IP
> access lists alerts you to possible attempts to breach security. The data
> also indicates that you should verify IP access list configurations. To make
> this feature available to users, you must enable IP accounting of access
> list violations using the ip accounting access-violations command. Users can
> then display the number of bytes and packets from a single source that
> attempted to breach security against the access list for the source
> destination pair. By default, IP accounting displays the number of packets
> that have passed access lists and were routed.
> <snip>
> Link
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c
> /ipcprt1/1cdip.htm#1001684
>
> Thanks
> Deepesh
>
>
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Donny MATEO
> > Sent: Thursday, April 10, 2003 6:20 PM
> > To: wsqccie@hotnail.com
> > Cc: ccielab@groupstudy.com; nobody@groupstudy.com
> > Subject: Re: icmp accpunting issue
> >
> >
> > How about deny ip any any log at the bottom of your access-list ?
> >
> > Regards,
> > Donny
> >
> >
> >
> >
> > "wsqccie@hotnail.
> >
> > com" <wsqccie To:
> > <ccielab@groupstudy.com>
> >
> > Sent by: cc:
> >
> > nobody@groupstudy Subject: icmp
> > accpunting issue
> > .com
> >
> >
> >
> >
> >
> > 10-04-2003 18:17
> >
> > Please respond to
> >
> > "wsqccie@hotnail.
> >
> > com"
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > I find my router are attacked with icmp from lan, how can I know
> > who do this and record this log?
> >
> > Regards!
> > Stone
> >
> >
> >
> >
> >
> > This message is for information purposes only and its content
> > should not be construed as an offer, or solicitation of an offer,
> > to buy or sell any banking or financial instruments or services
> > and no representation or warranty is given in respect of its
> > accuracy, completeness or fairness. The material is subject
> > to change without notice. You should take your own independent
> > tax, legal and other professional advice in respect of the content
> > of this message. This message may contain confidential or
> > legally privileged material and may not be copied, redistributed
> > or published (in whole or in part) without our prior written consent.
> > This email may have been intercepted, partially destroyed,
> > arrive late, incomplete or contain viruses and no liability is
> > accepted by any member of the Credit Agricole Indosuez group
> > as a result. If you are not the intended recipient of this message,
> > please immediately notify the sender and delete this message
> > from your computer.
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:51 GMT-3