We have added the given ACL to our Cisco WS-C3560X-48T-L router:
Extended IP access list 103
10 permit tcp any host 77.223.156.156 eq www log (136803 matches)
20 permit tcp any host 77.223.156.156 eq ftp log
30 permit tcp any host 77.223.156.156 eq telnet log
40 permit tcp any host 77.223.156.156 eq pop3 log
50 permit tcp any host 77.223.156.156 eq smtp log
60 permit tcp any host 77.223.156.156 eq 443 log
70 permit tcp any host 77.223.156.156 eq 3389 log (2508 matches)
80 permit tcp any host 77.223.156.156 eq domain log
90 permit udp any host 77.223.156.156 eq domain log (68 matches)
100 deny ip any host 77.223.156.156 log (5633 matches)
110 permit ip any any (24 matches)
And as you should see, there is a high match count on the www port, and if we check it deeply, it seems like a DDoS or botnet. Should I protect the machine from the router for SYN? You will see the same IP address multiple times.

Looks like it must be a router feature and not a layer 3 switch feature for Cisco WS-C3560X-48T-S. Another reason to add to the list of why L3 switches shouldn't be placed on the internet edge. Sorry man, but you need some type of firewalling. An ACL just isn't enough these days.
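
Added example, not part of the original question or reply: one way to check the "same IP address" observation is to total the ACL log messages for list 103 per source and flag sources that dominate the port 80 traffic to 77.223.156.156. The log lines, the source addresses (documentation ranges) and the 25% threshold are constructed assumptions; the message layout is the IOS %SEC-6-IPACCESSLOGP format.

```python
import re
from collections import Counter

# IOS ACL log message (%SEC-6-IPACCESSLOGP) as produced by the "log" keyword
# on TCP/UDP access-list entries.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# Constructed sample syslog lines; source addresses are documentation ranges.
SAMPLE = """\
Mar  1 10:00:01: %SEC-6-IPACCESSLOGP: list 103 permitted tcp 203.0.113.7(40112) -> 77.223.156.156(80), 1 packet
Mar  1 10:05:01: %SEC-6-IPACCESSLOGP: list 103 permitted tcp 203.0.113.7(40112) -> 77.223.156.156(80), 412 packets
Mar  1 10:05:03: %SEC-6-IPACCESSLOGP: list 103 permitted tcp 198.51.100.23(51820) -> 77.223.156.156(80), 3 packets
Mar  1 10:10:01: %SEC-6-IPACCESSLOGP: list 103 permitted tcp 203.0.113.7(40977) -> 77.223.156.156(80), 388 packets
Mar  1 10:10:09: %SEC-6-IPACCESSLOGP: list 103 permitted tcp 192.0.2.50(50001) -> 77.223.156.156(3389), 2 packets
Mar  1 10:10:15: %SEC-6-IPACCESSLOGP: list 103 denied tcp 198.51.100.99(44123) -> 77.223.156.156(445), 6 packets
Mar  1 10:11:40: %SEC-6-IPACCESSLOGP: list 103 permitted tcp 192.0.2.14(39210) -> 77.223.156.156(80), 5 packets
"""


def top_sources(text, acl="103", dst="77.223.156.156", dport=80):
    """Sum logged packet counts per source for permitted hits on one ACL/host/port."""
    hits = Counter()
    for m in ACL_LOG.finditer(text):
        if m["action"] != "permitted":
            continue
        if (m["acl"], m["dst"], int(m["dport"])) == (acl, dst, dport):
            hits[m["src"]] += int(m["pkts"])
    return hits


def heavy_hitters(hits, share=0.25):
    """Return sources responsible for at least `share` of the logged packets."""
    total = sum(hits.values())
    if total == 0:
        return []
    return sorted(src for src, n in hits.items() if n / total >= share)


if __name__ == "__main__":
    counts = top_sources(SAMPLE)
    for src, n in counts.most_common():
        print(f"{src:>15}  {n} packets")
    print("heavy hitters:", heavy_hitters(counts))
```

IOS rate-limits and aggregates ACL log messages, so the packet counts are a lower bound useful for ranking sources, not an exact total.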