Cisco Support Community

New Member

ACL for Flooding attack

Hello

I have basic questions. If I want to trace an ICMP and UDP flooding attack, how can I configure the router's serial interface?

access-list 101 permit icmp any any echo log-input

access-list 101 permit icmp any any echo-reply log-input

access-list 101 permit udp any any eq echo log-input

access-list 101 permit udp any eq echo any log-input

Is this good enough, or is there a more detailed way to do this?

Thanks, all.

3 REPLIES

Re: ACL for Flooding attack

hi

Are you trying to block the ICMP and UDP traffic, or do you want them to be blocked?

As per your config lines, if you bind or apply the same on the serial interface, it will by default deny/block all the other traffic like TCP etc., except UDP and ICMP, because of the default deny statement at the end of all access lists.

So try to modify the ACLs accordingly.

Find the link, which will be useful to harden the security:

http://www.cisco.com/warp/public/707/21.html

regds

New Member

Re: ACL for Flooding attack

Hi, thanks for responding.

I knew about the default deny.

Of course, permit ip any any is gonna be there.

What I am asking is how to log a UDP/ICMP attack.

Is any more detailed ACL possible?

New Member

Re: ACL for Flooding attack

Here is a link to a doc that talks about tracing and logging attacks. Hope this is what you are looking for.

Go to the tracing section.

http://www.cisco.com/warp/public/707/22.pdf

http://www.cisco.com/warp/public/707/22.html
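
An added example, not part of the thread or of the linked Cisco documents: a Python script that tallies the syslog entries produced by ACL lines with log-input, grouped by input interface, protocol, source and destination, so the heaviest flows stand out. The sample log lines are constructed, and their layout is assumed to follow the IOS %SEC-6-IPACCESSLOGDP (ICMP) and %SEC-6-IPACCESSLOGP (TCP/UDP) message format.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation address ranges). The layout
# is an assumption modeled on what "log-input" ACL entries emit on IOS.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 198.51.100.7 (Serial0 *HDLC*) -> 192.0.2.10 (8/0), 1 packet
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 198.51.100.7 (Serial0 *HDLC*) -> 192.0.2.10 (8/0), 412 packets
%SEC-6-IPACCESSLOGP: list 101 permitted udp 203.0.113.5(7) (Serial0 *HDLC*) -> 192.0.2.10(7), 1 packet
%SEC-6-IPACCESSLOGP: list 101 permitted udp 203.0.113.5(7) (Serial0 *HDLC*) -> 192.0.2.10(7), 950 packets
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.0.2.10 (Ethernet0 0000.0c12.3456) -> 198.51.100.7 (0/0), 3 packets
%LINK-3-UPDOWN: Interface Serial1, changed state to up
"""

# ICMP entries carry "(type/code)" after the destination; UDP/TCP entries
# carry "(port)" directly after both the source and destination address.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? "
    r"\((?P<ifname>\S+) (?P<l2>[^)]*)\) -> "
    r"(?P<dst>[\d.]+) ?\((?P<dinfo>[\d/]+)\), (?P<count>\d+) packets?"
)


def parse(log_text):
    """Yield one dict per ACL log entry, skipping unrelated syslog lines."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates a timestamp prefix
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec


def top_talkers(log_text, threshold=100):
    """Sum packets per (input interface, protocol, source, destination) and
    return the flows at or above `threshold`, largest first."""
    totals = Counter()
    for r in parse(log_text):
        totals[(r["ifname"], r["proto"], r["src"], r["dst"])] += r["count"]
    return [(key, n) for key, n in totals.most_common() if n >= threshold]


if __name__ == "__main__":
    for (ifname, proto, src, dst), n in top_talkers(SAMPLE_LOG):
        print(f"{n:6d} pkts  {proto:4s} {src} -> {dst}  in via {ifname}")
```

Source addresses in a flood can be forged, so the input interface in each entry is the field to rely on when deciding which upstream device to check next.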
