Access list Log interpretation.

From: Donny MATEO (donny.mateo@sg.ca-indosuez.com)
Date: Wed Oct 01 2003 - 05:02:35 GMT-3


Hi Guys,

I have a silly question. How do you digest the output of the access-list
log? Especially those numbers in the brackets just after the IP address.
I always regard them as port numbers. But if this is true, the entries below
mean the connection is initiated from source port 0 and destined to port
0, which is a bit strange. To my limited knowledge (read dumb), I
remember port 0 as being a reserved port, and this kind of activity is
usually associated with fingerprinting attacks. Does this still apply?

Sep 30 15:53:34 SG: %SEC-6-IPACCESSLOGP: list eightfloorACL_IN denied udp 10.129.7.34(0) -> 10.129.7.63(0), 3 packets
Sep 30 15:53:34 SG: %SEC-6-IPACCESSLOGDP: list eightfloorACL_IN denied icmp 10.129.7.34 -> 10.126.209.106 (0/0), 4 packets
Sep 30 15:58:14 SG: %SEC-6-IPACCESSLOGP: list eightfloorACL_IN denied tcp 10.129.7.35(0) -> 10.126.131.20(0), 1 packet

Donny




This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:54 GMT-3