Hi Kings,

To which route-map / interface do you have the access-list attached? The outbound interface from where the attacker originates? And if so, is the access-list attached outbound?

Bear in mind that if the null0 interface sends unreachable packets, they will get routed normally and thus the access-list should be set on an outbound flow.

Have you read the blackhole PDF at cisco.com?

HTH

Pieter-Jan
On 27 apr 2010, at 09:03, Kingsley Charles wrote:

Hi all
 
With RTBH, if I need to check the number of packets that are from the attacker, I configure the following:
 
access-list 123 permit icmp any any unreachables log
access-list 123 permit ip any any
 
logging on
logging host or buffered
 
 
The null 0 interface is not configured for "no ip unreachables".
 
 
The access-list is associated to interfaces of the edge router running BGP that gets the incoming traffic from the attacker.
 
But I don't see the unreachables matching the ACL. The counter is "0".
 
Any idea?
 
 
With regards
Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

---

Nefkens Advies

Enk 26

4214 DD Vuren

The Netherlands


Tel: +31 183 634730

Fax: +31 183 690113

Cell: +31 654 323221

Email: [email protected]

Web: http://www.nefkensadvies.nl/
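
Added example, not part of the original thread: once the `log` entry on access-list 123 does match, the router emits %SEC-6-IPACCESSLOGDP syslog messages, and the Python sketch below totals the ICMP type 3 (unreachable) counts per destination, which is the source address of the dropped packets. The log lines, addresses and the function name are constructed for illustration.

```python
import re
from collections import Counter

# IOS ACL log message for ICMP hits: "list <acl> <action> icmp src -> dst (type/code), N packet(s)"
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) icmp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample syslog output (documentation addresses, not real data).
SAMPLE_LOG = """\
Apr 27 09:01:12: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 192.0.2.1 -> 198.51.100.7 (3/1), 1 packet
Apr 27 09:06:12: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 192.0.2.1 -> 198.51.100.7 (3/1), 41 packets
Apr 27 09:06:40: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 192.0.2.1 -> 203.0.113.9 (3/1), 1 packet
Apr 27 09:07:02: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 198.51.100.7 -> 192.0.2.1 (8/0), 5 packets
Apr 27 09:07:30: %SEC-6-IPACCESSLOGP: list 123 permitted tcp 198.51.100.7(4321) -> 192.0.2.80(80), 1 packet
Apr 27 09:08:00: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp 192.0.2.1 -> 198.51.100.7 (3/1), 9 packets
"""

ICMP_UNREACHABLE = "3"  # ICMP type 3 = destination unreachable


def count_unreachables(log_text, acl="123"):
    """Sum logged ICMP unreachables per destination for one ACL.

    The destination of an unreachable is the source address carried in the
    packet that was dropped, so it may be spoofed.
    """
    totals = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an ICMP ACL log line (e.g. TCP/UDP hits)
        if m["acl"] != acl or m["type"] != ICMP_UNREACHABLE:
            continue  # other ACLs, or ICMP that is not an unreachable
        totals[m["dst"]] += int(m["count"])
    return totals


if __name__ == "__main__":
    for addr, packets in count_unreachables(SAMPLE_LOG).most_common():
        print(f"{addr}\t{packets} unreachables logged")
```

The totals count unreachables the router actually sent and logged; IOS rate-limits ICMP unreachables, so treat the figure as a lower bound on dropped packets.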

