Should I be worried?

Secure your network!

Moderator: Federico.Lagni

milaus
n00b
Posts: 5
Joined: Fri 19 May, 2006 6:41 pm
Location: Napoli

Code:

348136: .May 24 22:06:34.017 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 66.36.246.142(0) -> 62.123.51.70(0), 1 packet
348137: .May 24 22:06:35.577 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 216.113.185.90(0), 1 packet
348138: .May 24 22:06:37.005 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 81.174.48.121(0) -> 62.123.51.70(0), 1 packet
348139: .May 24 22:06:38.837 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 195.128.234.79(0), 1 packet
348140: .May 24 22:06:41.073 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 66.230.182.98(0) -> 62.123.51.70(0), 1 packet
348141: .May 24 22:06:42.657 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 195.22.198.13(0), 1 packet
348142: .May 24 22:06:43.661 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 81.174.48.121(0), 1 packet
348143: .May 24 22:06:44.665 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 207.46.27.61(0) -> 62.123.51.70(0), 1 packet
348144: .May 24 22:06:46.257 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.168.1.2(0) -> 80.183.212.181(0), 1 packet
348145: .May 24 22:06:48.561 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 64.111.196.154(0), 1 packet
348146: .May 24 22:06:49.721 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 70.85.239.130(0), 1 packet
348147: .May 24 22:06:50.733 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 65.54.228.17(0), 1 packet
348148: .May 24 22:06:52.017 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 207.46.27.61(0), 1 packet
348149: .May 24 22:06:53.025 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted udp 62.123.81.5(0) -> 62.123.51.70(0), 1 packet
348150: .May 24 22:06:56.321 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 207.46.27.18(0) -> 62.123.51.70(0), 1 packet
348151: .May 24 22:06:57.429 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 70.85.239.130(0), 1 packet
348152: .May 24 22:06:58.561 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 207.46.115.3(0), 1 packet
348153: .May 24 22:07:00.061 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 194.187.98.130(0) -> 62.123.51.70(0), 1 packet
348154: .May 24 22:07:00.117 PCTime: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1466 packets
348155: .May 24 22:07:01.621 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 62.149.228.173(0) -> 62.123.51.70(0), 1 packet
348156: .May 24 22:07:03.877 PCTime: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 87.3.195.23(0) -> 87.3.192.106(0), 1 packet
348157: .May 24 22:07:04.889 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 70.85.239.130(0) -> 62.123.51.70(0), 1 packet
348158: .May 24 22:07:05.921 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 207.46.27.18(0), 1 packet
348159: .May 24 22:07:07.793 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 212.25.179.38(0), 1 packet
348160: .May 24 22:07:08.821 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 195.22.198.32(0) -> 62.123.51.70(0), 1 packet
348161: .May 24 22:07:10.469 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 209.9.232.130(0) -> 62.123.51.70(0), 1 packet
348162: .May 24 22:07:11.557 PCTime: %SEC-6-IPACCESSLOGNP: list 1 permitted 0 0.0.0.0 -> 192.168.1.2, 1 packet
348163: .May 24 22:07:13.373 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 195.22.198.32(0), 1 packet
348164: .May 24 22:07:14.445 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 82.208.61.36(0) -> 62.123.51.70(0), 1 packet
348165: .May 24 22:07:15.621 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 67.19.193.116(0), 1 packet
348166: .May 24 22:07:16.961 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 207.46.26.115(0) -> 62.123.51.70(0), 1 packet
348167: .May 24 22:07:18.045 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.168.1.2(0) -> 62.123.81.5(0), 1 packet
348168: .May 24 22:07:19.573 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 62.123.81.5(0), 1 packet
The access lists are:

Code:

access-list 1 permit 192.0.0.0 0.255.255.255 log
access-list 1 permit 10.0.0.0 0.0.0.255 log
access-list 2 permit 192.0.0.0 0.255.255.255 log
access-list 2 permit 10.0.0.0 0.0.0.255 log
access-list 101 permit ip any any log
access-list 101 permit tcp any any log
access-list 101 permit udp any any log
access-list 101 permit igmp any any log
access-list 102 permit ip any any log
access-list 102 permit tcp any any log
access-list 102 permit udp any any log
access-list 102 permit igmp any any log
access-list 111 permit ip any any log
access-list 111 permit tcp any any log
access-list 111 permit udp any any log
access-list 111 permit igmp any any log
access-list 112 permit ip any any log
access-list 112 permit tcp any any log
access-list 112 permit udp any any log
access-list 112 permit igmp any any log
What does that log mean? That someone from outside is using me to route traffic, or what?
So there!
andrewp
Messianic Network master
Posts: 2199
Joined: Mon 13 Jun, 2005 7:32 pm
Location: Roma

It means that from your PC you are opening connections to those IPs and the ACL lets the traffic through ("access-list 101 permit tcp any any log")... that's all. Remove log from everything.

Bye.
Bit manipulator.
Agif
n00b
Posts: 10
Joined: Wed 24 May, 2006 8:50 am

On top of that, you are logging even the air that passes through that router, which costs it quite a lot in terms of performance. Logging on permit ip any any is absolutely useless, in my opinion.
delosfast
Cisco enlightened user
Posts: 157
Joined: Fri 23 Jun, 2006 2:52 pm

Guys, sorry for digging up a thread that has been closed for two years, but I have a question very similar to milaus's.

On a 2611XM I have these ACLs:

Code:

ip access-list standard LAN
 permit 10.10.10.10
 permit 10.10.10.11
 permit 10.10.10.12
 permit 192.168.1.110
 permit 192.168.2.0 0.0.0.255
 deny   any log
ip access-list standard MANAGEMENT
 permit 192.168.2.1
 permit *.*.*.*
 deny   any
applied here:

Code:

ip nat inside source list LAN interface FastEthernet0/1 overload
and here:

Code:

line vty 0 4
 session-timeout 600 
 access-class MANAGEMENT in
 exec-timeout 600 0
 password 7 ************
 logging synchronous
 login local
 transport preferred ssh
Everything works fine, but I continuously get this log:

Code:

.Jul  2 21:49:34.730 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 31 packets 
and by continuously I mean:

Code:

.Jul  2 21:04:34.690 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 35 packets 
.Jul  2 21:10:34.698 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 18 packets 
.Jul  2 21:16:34.737 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 16 packets 
.Jul  2 21:22:34.712 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 34 packets 
.Jul  2 21:28:34.707 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 37 packets 
.Jul  2 21:33:34.815 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 31 packets 
.Jul  2 21:38:34.863 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 29 packets 
.Jul  2 21:44:34.710 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 36 packets 
.Jul  2 21:49:34.730 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 31 packets 
.Jul  2 21:54:34.742 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 25 packets 
.Jul  2 22:00:34.773 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 17 packets 
.Jul  2 22:06:34.965 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 229 packets 
.Jul  2 22:12:34.996 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 37 packets 
andrewp
Messianic Network master
Posts: 2199
Joined: Mon 13 Jun, 2005 7:32 pm
Location: Roma

Well... you are telling it to log everything it blocks:

deny any log


and it does :D
Bit manipulator.
delosfast
Cisco enlightened user
Posts: 157
Joined: Fri 23 Jun, 2006 2:52 pm

Yes, yes, of course... :D

I was wondering what it was blocking.
andrewp
Messianic Network master
Posts: 2199
Joined: Mon 13 Jun, 2005 7:32 pm
Location: Roma

delosfast wrote: Yes, yes, of course... :D

I was wondering what it was blocking.
Set up a mirror, attach a sniffer and have a look..
Bit manipulator.
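
A way to read what the router is reporting in both logs above, as an added example that is not part of the thread: this Python sketch parses the three %SEC-6 message types seen in milaus's and delosfast's posts and totals packets per ACL, action, source and destination. The sample lines are copied from the posts above (wrapped lines joined); the function names are this example's own.

```python
import re
from collections import Counter

# Sample lines copied from the two posts above (wrapped lines joined).
SAMPLE = """\
348136: .May 24 22:06:34.017 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 66.36.246.142(0) -> 62.123.51.70(0), 1 packet
348137: .May 24 22:06:35.577 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 216.113.185.90(0), 1 packet
348144: .May 24 22:06:46.257 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.168.1.2(0) -> 80.183.212.181(0), 1 packet
348154: .May 24 22:07:00.117 PCTime: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1466 packets
348162: .May 24 22:07:11.557 PCTime: %SEC-6-IPACCESSLOGNP: list 1 permitted 0 0.0.0.0 -> 192.168.1.2, 1 packet
.Jul  2 21:49:34.730 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 31 packets
.Jul  2 22:06:34.965 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 229 packets
"""

# IPACCESSLOGP carries "(port)" after each address; IPACCESSLOGNP does not.
HIT = re.compile(
    r"%SEC-6-IPACCESSLOGN?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[^\s(]+)(?:\(\d+\))? -> "
    r"(?P<dst>[^\s(,]+)(?:\(\d+\))?, (?P<pkts>\d+) packets?")
# IPACCESSLOGRL reports hits that were never written to the log at all.
MISSED = re.compile(r"%SEC-6-IPACCESSLOGRL: .* missed (?P<n>\d+) packets?")

def summarize(text):
    """Return (packets per (acl, action, src, dst), packets never logged)."""
    flows, missed = Counter(), 0
    for line in text.splitlines():
        m = HIT.search(line)
        if m:
            flows[(m["acl"], m["action"], m["src"], m["dst"])] += int(m["pkts"])
            continue
        m = MISSED.search(line)
        if m:
            missed += int(m["n"])
    return flows, missed

def per_acl(flows):
    """Collapse the flows to packets per (acl, action)."""
    totals = Counter()
    for (acl, action, _src, _dst), pkts in flows.items():
        totals[(acl, action)] += pkts
    return totals

if __name__ == "__main__":
    flows, missed = summarize(SAMPLE)
    for (acl, action), pkts in sorted(per_acl(flows).items()):
        print(f"list {acl:<4} {action:<9} {pkts:>4} packets")
    print(f"not logged (rate-limited or missed): {missed}")
```

On the sample, all 260 denied packets under list LAN come from the single redacted source, and 1466 hits were never logged individually.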