Hi Pieter,

I have put the access-list in the outbound direction on the interface through which the attacker traffic is entering the router.

With regards
Kings

On Tue, Apr 27, 2010 at 4:39 PM, Pieter-Jan Nefkens <[email protected]> wrote:
> Hi Kings,
>
> To which route-map / interface do you have the access-list attached? The
> outbound interface from where the attacker originates? And if so, is the
> access-list attached outbound?
>
> Bear in mind, that if the null0 interface sends unreachable packets, they
> will get routed normally and thus the access-list should be set on an
> outbound flow.
>
> Have you read the blackhole pdf at cisco.com?
> It's available at:
> http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
>
> HTH
>
> Pieter-Jan
>
> On 27 apr 2010, at 09:03, Kingsley Charles wrote:
>
> Hi all
>
> With RTBH, if I need to check for the number of packets that is from the
> attacker. I configure the following:
>
> access-list 123 permit icmp any any unreachables log
> access-list 123 permit ip any any
>
> logging on
> logging host or buffered
>
> The null 0 interface is not configured for "no ip unreachables".
>
> The access-list is associated to interfaces of the edge router running
> BGP that gets the incoming traffic from the attacker.
>
> But I don't see the unreachables matching the ACL. The counter is "0".
>
> Any idea?
>
> With regards
> Kings
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> ---
> Nefkens Advies
> Enk 26
> 4214 DD Vuren
> The Netherlands
>
> Tel: +31 183 634730
> Fax: +31 183 690113
> Cell: +31 654 323221
> Email: [email protected]
> Web: http://www.nefkensadvies.nl/
>
> Think before you print.
