no wouldn't know how to get a dump of them. yes we're logging the ACL and yes it uses some cpu but the cpu can afford it for now because the ACL has reduced cpu utilisation from 100% to apx 30%
-----Original Message----- From: Chris Wedgwood [mailto:cw(a)f00f.org] Sent: Tuesday, 7 August 2001 11:27 AM To: Philip Beckmann Cc: Barry Raveendran Greene; nznog(a)list.waikato.ac.nz; petburke(a)cisco.com; rpoll(a)cisco.com Subject: Re: Code Red - Network Impact?
On Tue, Aug 07, 2001 at 11:13:15AM +1200, Philip Beckmann wrote:
fair enough, but thru our netflow collector we find there is a large number of packets of 144bytes (apx 40,000 every 10 minutes) most of which our access-lists are dropping. We recall reading somewhere (but can't find it now to verify) that these packets were the initial probe sent prior to sending the "GET /default.ida?" query
are you able to get a dump of these packets at all? oh, and are your ACLs logging too? this can make things _very_ expensive? (in fact, you you know people using logging for ACLs, you can trivially DoS almost any cisco)
--cw The information contained in this email message may be confidential. If you are not the intended recipient, any use, distribution, disclosure or copying of this information is prohibited. If you receive this email in error, please tell us by return email and delete it and any attachments from your system.
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog