Help! Suspected intruder on IOS FW enabled router!

iamsong
Level 1

Sep 28, 2001, 2:19am Pacific

Hi, all

My problem is like this:

A router with the IOS FW feature set is installed in my office. For internet access, I implement NAT for LAN users: assigning a public IP corresponding to a scope of private IPs for "overload". But I tracked suspected sessions when I use "show ip nat translation": an unallocated public IP is being used for the NAT mapping! Meanwhile, the allocated IP is also being used for outside DNS resolution.

I'm confused about it! So I disabled all outbound IP traffic for the unallocated IP by using an "access-list". But the problem still persists.

Could anyone instruct me on what's wrong with my router? Thanks!
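
The check the poster describes, reading "show ip nat translations" and looking for inside-global addresses that were never allocated to the NAT pool, can be scripted. The following is an added example, not code from the thread; the sample output and the pool address 203.0.113.10 are constructed placeholders.

```python
"""Audit 'show ip nat translations' output for inside-global addresses
that fall outside the NAT pool the router is configured to use."""
import ipaddress
from collections import defaultdict

# Constructed sample in the usual IOS column layout (not from the thread).
# 203.0.113.10 is the pool address; 203.0.113.77 was never allocated.
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:1024  192.168.1.5:1024   198.51.100.7:80    198.51.100.7:80
udp 203.0.113.10:53    192.168.1.5:53     198.51.100.53:53   198.51.100.53:53
tcp 203.0.113.77:2048  192.168.1.9:2048   198.51.100.20:443  198.51.100.20:443
--- 203.0.113.10       192.168.1.5        ---                ---
udp 203.0.113.77:1100  192.168.1.9:1100   198.51.100.53:53   198.51.100.53:53
"""

# Assumed configured overload pool (placeholder value, adjust to your router).
ALLOWED_POOL = [ipaddress.ip_network("203.0.113.10/32")]


def strip_port(field):
    """Return the bare address from 'a.b.c.d:port', 'a.b.c.d' or '---'."""
    return field.split(":")[0]


def parse_translations(text):
    """Return (proto, inside_global, inside_local, outside_global) per row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Skip blank lines and the column header row.
        if len(parts) < 5 or parts[0] == "Pro":
            continue
        proto, ig, il, _ol, og = parts[:5]
        rows.append((proto, strip_port(ig), strip_port(il), strip_port(og)))
    return rows


def find_unexpected_globals(text, allowed=ALLOWED_POOL):
    """Map each inside-global address outside the pool to the inside hosts using it."""
    hits = defaultdict(set)
    for _proto, ig, il, _og in parse_translations(text):
        if not any(ipaddress.ip_address(ig) in net for net in allowed):
            hits[ig].add(il)
    return {ig: sorted(hosts) for ig, hosts in hits.items()}


if __name__ == "__main__":
    for ig, hosts in find_unexpected_globals(SAMPLE_OUTPUT).items():
        print(f"unexpected inside-global {ig} used by {', '.join(hosts)}")
```

Any address the script reports should be compared against the running "ip nat pool" and "ip nat inside source" configuration before concluding a translation is hostile, since a stale or mistyped pool definition produces the same symptom.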

2 Replies

almazana
Level 1

NAT works by connecting everything from an inside source and letting it out. If it originated from internal, permit it back inside. You stated that you blocked outgoing connections, but you should reevaluate your approach. Traffic goes both ways across any interface, so it is wise to filter traffic both inbound and outbound. It may be a great deal of work, or even a long access-list, but in the long run, if it is worth securing, then go all out!

Thanks for your reply. Yes, I do put two-way traffic filter access-lists on both the outbound and inbound interfaces, and also apply "ip inspect FW in" to the interfaces. This morning it was back to normal after restarting the router. Isn't that hard to explain?