
nsp at rhanssen
Apr 19, 2012, 7:23 AM
Protecting MLX/XMR MP against attacks with IP Receive ACLs / extended ACL behaviour
Hello,

this week we had an attack directly against one of our XMR (UDP packets to a transfer network IP). I was looking for a CoPP equivalent and found the "IP Receive ACLs" feature. In the sample case of "I block all UDP and allow everything else" I would use this config according to the manual:

  access-list 101 remark BLOCK_UDP
  access-list 101 deny udp any any
  access-list 102 remark ALLOW_ANYTHING_ELSE
  access-list 102 permit ip any any
  ip receive access-list 101 sequence 5
  ip receive access-list 102 sequence 10

The manual says that the default policy is "deny ip any any" (applied after the last rule). I am wondering what exactly is matched by "ip", because other protocols are not mentioned. Is "ip" an equivalent for "ipv4", or more some kind of "any" in an extended access list? Does the above config work, or do I need a standard access list like "access-list 50 permit any" at the end? Does anybody maybe already have a "known to work" config for 0815 usage (BGP, OSPF, VRRP)?

kind regards
Rolf

_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp