Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
794
Views
5
Helpful
3
Replies

ACL for Flooding attack

ikizoo4
Level 1
Level 1

‎10-05-2005 02:36 AM - edited ‎02-20-2020 09:28 PM

Hello

i have basic questions. if want to trace ICMP and UDP flooding attack, how can i configure router serial interface?

access-list 101 permit icmp any any echo log-input

access-list 101 permit icmp any any echo-rely log-input

access-list 101 permit udp any any eq echo log-input

access-list 101 permit udp any eq echo any log-input

is this good enough or any more detail way for this.

thanks all

Labels:
0 Helpful
3 Replies 3

spremkumar
Level 9
Level 9

‎10-05-2005 04:22 AM

hi

are you trying to block the icmp and udp traffic or you want them to be blocked ?

as per your config lines if you bind the same or apply the same on the serial interface it will by default deny/block all the other traffic like tcp etc., leaving except udp,icmp coz of the default deny statement at the end of all the access-lists.

so try to modify the ACLs accordingly ...

find the link which will be useful to harden the security ..

http://www.cisco.com/warp/public/707/21.html

regds

0 Helpful

ikizoo4
Level 1
Level 1
In response to spremkumar

‎10-06-2005 04:26 AM

hi thanks for responding,,,

i knew defualt deny,,,

of course permit ip any any is gonna be.

what I am asking is how to log a udp/icmp attacking.

any more detail ACL is possible ?

0 Helpful

Live2 Bicycle
Level 3
Level 3
In response to ikizoo4

‎10-10-2005 07:40 PM

Here is a link to a docs that talks about tracing and logging attacks. Hope this is what you are looking for.

Go to tracing section

http://www.cisco.com/warp/public/707/22.pdf

http://www.cisco.com/warp/public/707/22.html

Customers Also Viewed These Support Documents