Some folks were saying:
> > It's also the signature of an IP spoofing attack. If you had
> > the actual packets logged, you could tell more certainly. I don't think
> > ciscos can log denied packets, but I may well be wrong.
> Yes, you are wrong. Add the verb 'log' to the end of an access-list
> rule and you will get the source IP address, destination IP address
> as well as the source and destination ports.
Ah, another undocumented feature (at least on _my_ UniversCD) from
the "UNIX: Wrong Choice for Firewalls" folks.
> Caveat, it is really easy to break the access-list rules and make you
> think the router is getting 'spoofed'. I know because I stupidly did
> not double check my work while I was in a hurry one afternoon.
It's really easy to break anything when the documentation is hit or miss.
Before you hit that "r" key: I use Cisco products, think the hardware,
software, and support are great, just think the doc stinks.
W.C. Epperson "I have great faith in fools.
Senior SE Self-confidence, my friends call it."
Information Security Officer --Edgar Allan Poe--
Virginia Dept. of Education