From: Robert Laidlaw (laidlaw@consecro.com)
Date: Wed Jul 09 2003 - 15:16:51 GMT-3
I came across a question on my lab that I have never encountered before and
as such, I think that I did not get it right. However, it has led me to
dive deeper into the functionality that the question presented.
Q: You want to log spoofed icmp packets coming accross your frame cloud.
You want to be able to log them and see what is the most offensive spoofed
ip address. You do not want to block any traffic, just log.
This was to be placed on my HUB router in a frame cloud. What made this
difficult is that it wanted to easily see what the most spoofed ip address
was. I ended up using the unicast reverse path forwarding interface
commands but I still do not now if this is the "Correct" way to do this.
The other thing that I did not like is that when using this setup, you use
an acl to determine what happens to "bad" packets, but even if you put the
logging command in your acl, it doesn't show up in the log until you do a
clear access-list xxx . Is there another way of accomplishing this or is
this the way to go?
Any suggestions / comments are greatly appreciated.
Rob Laidlaw
laidlaw(at)consecro(dot)com
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:31 GMT-3