RE: Getting hit from 10.1.1.169

[David Ishmael]

you should also add

 

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

 

Unfortunately I don't know of a way to trace this back.  It's odd that this managed to get to you.  There shouldn't be routes out there to push these packets to you on the backbone or major peering routers.  I would consider calling your DSx provider and have them look into it.

David Ishmael, CCNA, IVCP
Senior Network Management Engineer
Windward Consulting Group, Inc.
Phone: (703) 283-7564
Pager: (888) 910-7094
eFax: (425) 969-4707
Fax: (703) 351-9428
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric Rozon
Sent: Friday, February 09, 2001 11:57 AM
To: [EMAIL PROTECTED]
Subject: Getting hit from 10.1.1.169

Hello All,
This morning we got hit by ICMP requests coming from 10.1.1.169.  Below is a line from our logs:
02/09/01 10:04  firewalld[90]:  deny in eth0 56 icmp 20 254 10.1.1.169 x.x.x.x 1 (blocked site)
(Where x.x.x.x is our firewall).  Our connection became slow.

My question is:  Is there a way to trace this abusive person, this being a private net?
I suspect that there isn't a way.  I hope that I can be corrected.

Sorry if this is a newbie question.  Thanks in advance for your replies.
 

Eric

PS:  We've just included on the internet-facing interface of our routers the following filters to prevent this in the future:
 access-list 101 deny ip 10.0.0.0 0.255.255.255 any
 access-list 101 deny ip 172.16.0.0 0.0.255.255 any
 
 
  - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]