From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Jun 28 2004 - 11:21:12 GMT-3
Hi guys,
When using the ip verify unicast reverse-path <acl> commands, I want to deny
only spoofed packets but also log the denied spoofed packets.
According to the documentation:
"Enables Unicast RPF on the interface. Use the list option to identify an
access list. If the access list denies network access, spoofed packets are
dropped at the interface. If the access list permits network access, spoofed
packets are forwarded to the destination address. Forwarded packets are
counted in the interface statistics. If the access list includes the logging
option, information about the spoofed packets is logged to the log server."
Based on these requirements, what should the acl look like?
If I create an acl which denies all packets (i.e. 0.0.0.0/32), does that deny
all packets or only spoofed packets?
TIA, Tim
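
An added example, not part of the original post or of the quoted documentation: a simplified Python model of the behaviour that documentation describes, in which the access list is consulted only for packets that fail the reverse-path check. The FIB, interface names, ACL tuples and function names are constructed for illustration, and the model ACL matches on source address only.

```python
import ipaddress

# Constructed FIB for the model: prefix -> interface used to reach it.
FIB = {"10.1.0.0/16": "Serial0", "192.0.2.0/24": "Ethernet0"}

def rpf_ok(src, in_if, fib=FIB):
    """Strict check: the longest-match route to src must point out in_if."""
    addr = ipaddress.ip_address(src)
    hits = [ipaddress.ip_network(p) for p in fib
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return False                      # no route back to the source
    best = max(hits, key=lambda n: n.prefixlen)
    return fib[str(best)] == in_if

def acl_lookup(acl, src):
    """First match wins; falling off the end is an unlogged deny."""
    addr = ipaddress.ip_address(src)
    for action, net, log in acl:
        if addr in ipaddress.ip_network(net):
            return action, log
    return "deny", False

def process(src, in_if, acl, syslog):
    """Return 'forward' or 'drop'; append to syslog when a logging entry matches."""
    if rpf_ok(src, in_if):
        return "forward"                  # ACL is not consulted at all
    action, log = acl_lookup(acl, src)
    if log:
        syslog.append((action, src, in_if))
    return "forward" if action == "permit" else "drop"

# Models a one-line ACL: deny any source, with logging (constructed).
DENY_ANY_LOG = [("deny", "0.0.0.0/0", True)]

def demo():
    syslog = []
    results = [process(s, i, DENY_ANY_LOG, syslog) for s, i in [
        ("10.1.5.5", "Serial0"),      # arrives where the route points
        ("10.1.5.5", "Ethernet0"),    # right prefix, wrong interface
        ("203.0.113.9", "Serial0"),   # no route to the source
    ]]
    return results, syslog

if __name__ == "__main__":
    print(demo())
```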
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:51 GMT-3