[afnog] how to block spam activity on my router cisco 2600

Mikisa Richard rmikisa at bushnet.net
Tue Oct 18 15:51:46 EAT 2005


Hi,

think that should be for paulademola at ciscomteck.zzn.com .

Richard

Sendoro Juma wrote:

>Dear Richard,
>
>kindly do the following
>
>on privillege mode
>
>RICHARD#conf t
>
>//on your interface to LAN
>
>int fa0/0 //assuming it is fast ethernet oo
>RICHARD (config-if)#ip route-cache flow   
>
>
>give us the out put of the following command, but looking on your internal ip 
>with many connection, then we shall know the port giving problem
>RICHARD# sh  ip cache flow
>
>
>
>On Tuesday 18 October 2005 12:37, Mikisa Richard wrote:
>  
>
>>Mark Tinka wrote
>>
>>    
>>
>>>Is your upstream telling the truth from your perspective?
>>>How do they know spam is originating from your router's
>>>Ethernet interface? Are they familiar with your network
>>>topology and/or IP addressing scheme?
>>>
>>>If you have identified your router's Ethernet interface
>>>as sourcing the spam, could it be clients/servers are
>>>using the IP address on your router's Ethernet
>>>interface? NAT, perhaps? Your upstream must be able to
>>>identify a real IP address, and not relegate the source
>>>to your router.
>>>
>>>I'm curious to know why your upstream has identified your
>>>router as the source.
>>>
>>>Cheers,
>>>
>>>Mark.
>>>      
>>>
>>I have received a couple of those warning myself, turns out they
>>actually do belong to some natted clients of mine who have been hit by
>>some massive mailers.  Since most of us use NAT, all the upstream
>>provider can do is point the culprit to your block.I would do what the
>>others have said - point all SMTP traffic to one server, and perform
>>spam/Virus filtering on it.
>>
>>cheers
>>Richard
>>
>>
>>
>>_______________________________________________
>>afnog mailing list
>>    
>>
>
>  
>




More information about the afnog mailing list