but should I be worried?

Posted: Wed 24 May, 2006 10:17 pm
by milaus

Code:

348136: .May 24 22:06:34.017 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 66.36.246.142(0) -> 62.123.51.70(0), 1 packet
348137: .May 24 22:06:35.577 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 216.113.185.90(0), 1 packet
348138: .May 24 22:06:37.005 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 81.174.48.121(0) -> 62.123.51.70(0), 1 packet
348139: .May 24 22:06:38.837 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 195.128.234.79(0), 1 packet
348140: .May 24 22:06:41.073 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 66.230.182.98(0) -> 62.123.51.70(0), 1 packet
348141: .May 24 22:06:42.657 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 195.22.198.13(0), 1 packet
348142: .May 24 22:06:43.661 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 81.174.48.121(0), 1 packet
348143: .May 24 22:06:44.665 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 207.46.27.61(0) -> 62.123.51.70(0), 1 packet
348144: .May 24 22:06:46.257 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted udp
 192.168.1.2(0) -> 80.183.212.181(0), 1 packet
348145: .May 24 22:06:48.561 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 64.111.196.154(0), 1 packet
348146: .May 24 22:06:49.721 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 70.85.239.130(0), 1 packet
348147: .May 24 22:06:50.733 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 65.54.228.17(0), 1 packet
348148: .May 24 22:06:52.017 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 207.46.27.61(0), 1 packet
348149: .May 24 22:06:53.025 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted udp
 62.123.81.5(0) -> 62.123.51.70(0), 1 packet
348150: .May 24 22:06:56.321 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 207.46.27.18(0) -> 62.123.51.70(0), 1 packet
348151: .May 24 22:06:57.429 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 70.85.239.130(0), 1 packet
348152: .May 24 22:06:58.561 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 207.46.115.3(0), 1 packet
348153: .May 24 22:07:00.061 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 194.187.98.130(0) -> 62.123.51.70(0), 1 packet
348154: .May 24 22:07:00.117 PCTime: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1466 packets
348155: .May 24 22:07:01.621 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 62.149.228.173(0) -> 62.123.51.70(0), 1 packet
348156: .May 24 22:07:03.877 PCTime: %SEC-6-IPACCESSLOGP: list 112 permitted tcp
 87.3.195.23(0) -> 87.3.192.106(0), 1 packet
348157: .May 24 22:07:04.889 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 70.85.239.130(0) -> 62.123.51.70(0), 1 packet
348158: .May 24 22:07:05.921 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 207.46.27.18(0), 1 packet
348159: .May 24 22:07:07.793 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 212.25.179.38(0), 1 packet
348160: .May 24 22:07:08.821 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 195.22.198.32(0) -> 62.123.51.70(0), 1 packet
348161: .May 24 22:07:10.469 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 209.9.232.130(0) -> 62.123.51.70(0), 1 packet
348162: .May 24 22:07:11.557 PCTime: %SEC-6-IPACCESSLOGNP: list 1 permitted 0 0.0.0.0 -> 192.168.1.2, 1 packet
348163: .May 24 22:07:13.373 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 195.22.198.32(0), 1 packet
348164: .May 24 22:07:14.445 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 82.208.61.36(0) -> 62.123.51.70(0), 1 packet
348165: .May 24 22:07:15.621 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 67.19.193.116(0), 1 packet
348166: .May 24 22:07:16.961 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp
 207.46.26.115(0) -> 62.123.51.70(0), 1 packet
348167: .May 24 22:07:18.045 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted udp
 192.168.1.2(0) -> 62.123.81.5(0), 1 packet
348168: .May 24 22:07:19.573 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
 192.168.1.2(0) -> 62.123.81.5(0), 1 packet
the access lists are

Code:

access-list 1 permit 192.0.0.0 0.255.255.255 log
access-list 1 permit 10.0.0.0 0.0.0.255 log
access-list 2 permit 192.0.0.0 0.255.255.255 log
access-list 2 permit 10.0.0.0 0.0.0.255 log
access-list 101 permit ip any any log
access-list 101 permit tcp any any log
access-list 101 permit udp any any log
access-list 101 permit igmp any any log
access-list 102 permit ip any any log
access-list 102 permit tcp any any log
access-list 102 permit udp any any log
access-list 102 permit igmp any any log
access-list 111 permit ip any any log
access-list 111 permit tcp any any log
access-list 111 permit udp any any log
access-list 111 permit igmp any any log
access-list 112 permit ip any any log
access-list 112 permit tcp any any log
access-list 112 permit udp any any log
access-list 112 permit igmp any any log
what does that log mean, that someone from outside is using me to route traffic, or what?

Posted: Thu 25 May, 2006 1:41 am
by andrewp
That from your PC you are opening connections to those IPs and the ACL lets the traffic through: "access-list 101 permit tcp any any log"... that's all. Remove log from everything.

Bye.

Posted: Thu 25 May, 2006 11:43 am
by Agif
On top of that, you are logging even the air that passes through that router, which costs it a lot in terms of performance. Logging on permit ip any any is absolutely useless, in my opinion.

Posted: Wed 02 Jul, 2008 9:38 pm
by delosfast
guys, sorry for reviving a thread that has been closed for two years, but I have a doubt very similar to milaus's

on a 2611XM I have these ACLs

Code:

ip access-list standard LAN
 permit 10.10.10.10
 permit 10.10.10.11
 permit 10.10.10.12
 permit 192.168.1.110
 permit 192.168.2.0 0.0.0.255
 deny   any log
ip access-list standard MANAGEMENT
 permit 192.168.2.1
 permit *.*.*.*
 deny   any
applied here

Code:

ip nat inside source list LAN interface FastEthernet0/1 overload
and here

Code:

line vty 0 4
 session-timeout 600 
 access-class MANAGEMENT in
 exec-timeout 600 0
 password 7 ************
 logging synchronous
 login local
 transport preferred ssh
everything works fine but I continuously get this log

Code:

.Jul  2 21:49:34.730 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 31 packets 
and by continuously I mean

Code:

.Jul  2 21:04:34.690 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 35 packets 
.Jul  2 21:10:34.698 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 18 packets 
.Jul  2 21:16:34.737 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 16 packets 
.Jul  2 21:22:34.712 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 34 packets 
.Jul  2 21:28:34.707 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 37 packets 
.Jul  2 21:33:34.815 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 31 packets 
.Jul  2 21:38:34.863 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 29 packets 
.Jul  2 21:44:34.710 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 36 packets 
.Jul  2 21:49:34.730 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 31 packets 
.Jul  2 21:54:34.742 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 25 packets 
.Jul  2 22:00:34.773 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 17 packets 
.Jul  2 22:06:34.965 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 229 packets 
.Jul  2 22:12:34.996 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 IP.EST.ERN.O -> 0.0.0.0, 37 packets 

Posted: Thu 03 Jul, 2008 8:38 am
by andrewp
Well... you are telling it to log everything it blocks:

deny any log


and it does :D

Posted: Thu 03 Jul, 2008 9:41 am
by delosfast
yes yes, clear... :D

I was wondering what it was blocking

Posted: Thu 03 Jul, 2008 2:32 pm
by andrewp
delosfast wrote: yes yes, clear... :D

I was wondering what it was blocking
Do a mirror, attach a sniffer and poke around..
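
An added example, not code from any poster in this thread: a small Python parser for the three `%SEC-6-IPACCESSLOG*` message types quoted above, which totals packets per ACL, action, source and destination and counts what the router reported as rate-limited or missed. It covers both the 2006 question (which lists produce the log volume) and the 2008 one (which source the `deny any log` entry keeps hitting). The sample lines are constructed with documentation-range addresses, and the names `summarize` and `top_talkers` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown in the thread
# (addresses are documentation ranges, not values from the posts).
SAMPLE = """\
.May 24 22:06:34.017 PCTime: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 198.51.100.7(0) -> 203.0.113.70(0), 1 packet
.May 24 22:06:35.577 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.2(0) -> 198.51.100.7(0), 1 packet
.May 24 22:06:36.100 PCTime: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.168.1.2(0) -> 198.51.100.53(0), 1 packet
.May 24 22:07:00.117 PCTime: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1466 packets
.Jul  2 21:49:34.730 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 203.0.113.9 -> 0.0.0.0, 31 packets
.Jul  2 21:54:34.742 MET: %SEC-6-IPACCESSLOGNP: list LAN denied 0 203.0.113.9 -> 0.0.0.0, 25 packets
"""

# IPACCESSLOGP carries "(port)" after each address; IPACCESSLOGNP does not.
HIT = re.compile(
    r"%SEC-6-IPACCESSLOGN?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\(\d+\))? -> (?P<dst>[\d.]+)(?:\(\d+\))?, "
    r"(?P<count>\d+) packets?"
)
MISSED = re.compile(r"%SEC-6-IPACCESSLOGRL: .*missed (?P<count>\d+) packets?")

def summarize(text):
    """Return (packets per (acl, action, src, dst), packets never logged)."""
    flows, missed = Counter(), 0
    for line in text.splitlines():
        if m := HIT.search(line):
            key = (m["acl"], m["action"], m["src"], m["dst"])
            flows[key] += int(m["count"])
        elif m := MISSED.search(line):
            missed += int(m["count"])
    return flows, missed

def top_talkers(flows, acl, n=5):
    """Sources with the most logged packets for one ACL, busiest first."""
    per_src = Counter()
    for (name, _action, src, _dst), count in flows.items():
        if name == acl:
            per_src[src] += count
    return per_src.most_common(n)

if __name__ == "__main__":
    flows, missed = summarize(SAMPLE)
    for key, count in flows.most_common():
        print(*key, count)
    print("not logged (rate-limited or missed):", missed)
```

Run against a saved copy of the router's log buffer, the per-source totals show at a glance whether the denied packets come from one host or many before reaching for a sniffer.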