The 6509 is suffering from the SQL Slammer worm attack. I want to use an ACL to block UDP port 1434:
M-NS-6509-A#sh ip access-list 120
Extended IP access list 120
deny udp any any eq 1434 (2396970 matches)
permit ip any any (262219 matches)
ip address 188.8.131.52 255.255.255.252
ip access-group 120 in
But I found it seems useless, although I can see the matches in show ip access-list 120, because I can still see a large number of flows associated with this attack when I turn on NetFlow switching, and the input rate of interface fa3/17 is still abnormal (very high, 40 Mbit/s). What is the problem?
It's possible some of your internal hosts are already infected and are originating a lot of this traffic outbound. You only have this ACL applied to traffic coming in from the Internet; try applying it inbound on your inside interfaces and see if that stops your internal hosts as well.
Not sure on the flows, but the input rate will still be high unless you actually fix up the machines that are infected. Just applying the ACL on the interface to block it simply prevents the worm from spreading further, but those machines are still going to be sending out a lot of packets until you fix them up.
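Both replies come down to finding the hosts that are sourcing the udp/1434 traffic, and the NetFlow cache the poster already has enabled can be summarised per input interface and source address to get that list. The script below is an added example, not part of the original thread; it assumes the classic "show ip cache flow" column layout (protocol and ports printed in hex), and the sample flows, addresses and interface names are constructed.

```python
import re

SLAMMER_PORT = 1434   # udp/1434, the port denied by access list 120 in the thread
UDP = 0x11            # protocol and ports are printed in hex in this output

# Constructed sample in the "show ip cache flow" layout; addresses are
# documentation ranges and the interface names are illustrative.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa3/17        192.0.2.10      Null          198.51.100.7    11 0E21 059A     1
Fa3/17        192.0.2.10      Null          203.0.113.99    11 0E21 059A     1
Fa3/17        192.0.2.10      Null          198.51.100.200  11 0E21 059A     3
Fa3/2         192.0.2.44      Fa3/17        203.0.113.5     11 0422 059A     2
Fa3/2         192.0.2.45      Fa3/17        198.51.100.9    06 C001 0050    12
Fa3/2         192.0.2.46      Fa3/17        198.51.100.9    11 0035 0035     4
"""

FLOW_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)([KM]?)\s*$"
)
# Assumption: large packet counters may be abbreviated with a K or M suffix.
SCALE = {"": 1, "K": 1_000, "M": 1_000_000}

def slammer_sources(text, port=SLAMMER_PORT):
    """Summarise UDP flows to `port` per (input interface, source IP).

    Returns rows (src_if, src_ip, flows, pkts, distinct_dsts), busiest first.
    """
    stats = {}
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # header, blank or unrelated line
        src_if, src, _dst_if, dst, pr, _sport, dport, pkts, unit = m.groups()
        if int(pr, 16) != UDP or int(dport, 16) != port:
            continue  # not UDP, or not aimed at the worm's port
        s = stats.setdefault((src_if, src), {"flows": 0, "pkts": 0, "dsts": set()})
        s["flows"] += 1
        s["pkts"] += int(pkts) * SCALE[unit]
        s["dsts"].add(dst)
    rows = [(i, ip, s["flows"], s["pkts"], len(s["dsts"])) for (i, ip), s in stats.items()]
    return sorted(rows, key=lambda r: (-r[2], -r[3]))

if __name__ == "__main__":
    for src_if, ip, flows, pkts, dsts in slammer_sources(SAMPLE):
        print(f"{src_if:<8} {ip:<15} flows={flows:<4} pkts={pkts:<6} distinct_dsts={dsts}")
```

A source that reaches many distinct destinations on port 1434 with one or a few packets per flow is the one to isolate and patch first; the SrcIf column shows which interface it sits behind.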