From: Mike Stout (michaelgstout@gmail.com)
Date: Thu Jan 24 2008 - 19:30:35 ARST
Why don't you find out who is attacking you?
If you don't care, just take the log off of the access-list.
On Jan 23, 2008 8:56 AM, nhatphuc <nhatphuc@gmail.com> wrote:
> Hi Group,
>
> My router is under login attack. There're many logged messages output on
> console:
>
> Jan 23 23:40:43 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> 192.248.88.10(36752) -> 0.0.0.0(22), 1 packet
> Jan 23 23:40:44 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> 192.248.88.10(37556) -> 0.0.0.0(22), 1 packet
> Jan 23 23:40:46 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> 192.248.88.10(37737) -> 0.0.0.0 (22), 1 packet
>
> I've configured rate limit for access-list like this:
>
> ip access-list logging interval 30000
> ip access-list log-update threshold 10000
>
> But there are still many messages outputted. How can I slow it down? And
> how
> to use access-list rate limit feature? I think the parameters I configured
> are rather high but they didn't help.
>
> Thanks
>
> Phuc
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:01 ARST