This morning we got hit by ICMP requests coming from 10.1.1.169. Below is a line from our logs:
02/09/01 10:04 firewalld[90]: deny in eth0 56 icmp 20 254 10.1.1.169 x.x.x.x 1 (blocked site)
(Where x.x.x.x is our firewall). Our connection became slow.
My question is: Is there a way to trace this abusive person, this
being a private net?
I suspect that there isn't a way. I hope that I can be corrected.
Sorry if this is a newbie question. Thanks in advance for your
replies.
Eric
PS: We've just included on the internet-facing interface of our
routers the following filters to prevent this in the future:
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.0.255.255 any
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
