Solved

Suspicious ACL in router config

Posted on 2007-08-11
Last Modified: 2010-04-17
I'm not very ACL or router savvy, so I bring this to you for an explanation. I am looking at the ACLs in our router and see a large number of hits on one line of the ACL that I don't understand. Our public IP space is X.140.0.0/16, using private inside addresses. This looks extremely suspicious to me. Should I be seeing this many hits on a deny statement? Should I be concerned? If so, how do I fix this situation?

 
 20 deny ip X.140.0.0 0.0.63.255 X.140.0.0 0.0.63.255 (12311 matches)
 
Question by:Jelonet
5 Comments
 

Expert Comment

by:rsivanandan
ID: 19678211
It depends on which direction the traffic is flowing through. Can you paste your configuration here (sanitized, of course)?

Cheers,
Rajesh

Author Comment

by:Jelonet
ID: 19678268
I can't paste the config here, but this ACL is for internet to inside; "ip access-group OUTSIDE_INSIDE in" is on the s0/0 facing the ISP.

Assisted Solution

by:rsivanandan
rsivanandan earned 400 total points
ID: 19678363
In that case, obviously, as you can see, both the source and network range belong to you. There is only one attack that I know of that type, which is the land attack.

Cheers,
Rajesh

Accepted Solution

by:adnanmig
adnanmig earned 600 total points
ID: 19678462
Hello There,

Your ACL is blocking any traffic from and to part of your public IP address range. To be precise, from X.140.0.1 to X.140.63.254. Actually, the destination in your case (which is the same as the source) does not make sense, since you are using private network addresses inside. This command can only be useful if you have assigned that block somewhere and you don't want any connectivity with that segment from your network through the s0/0.

regards,
0
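As an added example (not part of the thread or anyone's posted code): a small Python sketch of how IOS wildcard-mask matching applies to the ACL line in the question, showing which addresses 0.0.63.255 covers and that the entry counts a hit only when both source and destination fall inside that block. The first octet 203 is a constructed stand-in for the redacted X, and the function names are hypothetical.

```python
import ipaddress

# The page redacts the first octet as "X"; 203 is a constructed stand-in.
ACL_LINE = "20 deny ip 203.140.0.0 0.0.63.255 203.140.0.0 0.0.63.255"


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_entry(line):
    """Parse 'seq action ip src src-wildcard dst dst-wildcard' (this form only)."""
    seq, action, proto, src, src_wc, dst, dst_wc = line.split()[:7]
    if proto != "ip":
        raise ValueError("only 'ip' entries are handled here")
    return {"seq": int(seq), "action": action,
            "src": (to_int(src), to_int(src_wc)),
            "dst": (to_int(dst), to_int(dst_wc))}


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal base."""
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)


def covered_range(base, wildcard):
    """First and last matched address; only defined for a contiguous wildcard."""
    if wildcard & (wildcard + 1):
        raise ValueError("non-contiguous wildcard has no single range")
    first = base & ~wildcard & 0xFFFFFFFF
    return tuple(str(ipaddress.IPv4Address(a)) for a in (first, first | wildcard))


def entry_matches(entry, src, dst):
    """The entry is hit only when source AND destination both match."""
    return (wildcard_match(src, *entry["src"])
            and wildcard_match(dst, *entry["dst"]))


if __name__ == "__main__":
    entry = parse_entry(ACL_LINE)
    print("matched block:", covered_range(*entry["src"]))
    # Constructed packets as seen inbound on the ISP-facing interface.
    for src, dst in [("203.140.1.1", "203.140.60.2"),   # both inside the block
                     ("198.51.100.7", "203.140.5.9"),   # outside source
                     ("203.140.64.1", "203.140.5.9")]:  # our /16, past the block
        print(src, "->", dst, "hit" if entry_matches(entry, src, dst) else "no hit")
```

Because the access group is applied inbound on s0/0, every counted match is a packet that arrived from the ISP side carrying a source address inside the site's own block.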
 

Author Comment

by:Jelonet
ID: 19695793
Sorry I couldn't get back here until now.  I'll have to do a little more research on the ip address scheme.  Thank you for your responses.