I have a router that seems to be under constant attack, or at the very least people are spoofing from it or something. I need a way to keep them off it.
The outside interface is a WIC-1ENET that is connected to a broadband connection.
Here is output from a show arp command:
Code:
1750#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  12.166.94.217            2  0003.fdc2.e880  ARPA   Ethernet0
Internet  192.168.3.59             2  0001.0368.6da0  ARPA   FastEthernet0
Internet  192.168.3.58             3  0001.0209.f108  ARPA   FastEthernet0
Internet  192.168.3.55             1  0040.33d2.33b6  ARPA   FastEthernet0
Internet  192.168.3.53             5  000b.cd12.8b55  ARPA   FastEthernet0
Internet  192.168.3.11             7  0006.5bb4.a713  ARPA   FastEthernet0
Internet  192.168.3.1              -  0050.547d.51b4  ARPA   FastEthernet0
Internet  192.168.3.4              2  0001.e6ac.b6c0  ARPA   FastEthernet0
Internet  192.168.3.28             3  0001.0202.811d  ARPA   FastEthernet0
Internet  192.168.3.23             7  0001.0202.97c7  ARPA   FastEthernet0
Internet  12.166.x.x               -  000d.28dc.4939  ARPA   Ethernet0
Internet  12.166.x.x              17  0003.fdc2.e880  ARPA   Ethernet0
Internet  12.166.x.x               0  0003.fdc2.e880  ARPA   Ethernet0
The first entry is an offender; it's not mine. The bottom three are the interface's external IP, next hop and DNS server. The middle entries are all valid internal IPs. When I came in this morning this office complained about speed and I found about a hundred IPs like the first one listed. They are always listed as Ethernet0, which is that outside interface.
What can I do? Is there something I can do that will only allow the external IP, DNS servers and next hop router on that outside interface? I do have a couple of access-groups on the router, a FromInside and a FromOutside, but neither seems to affect the problem I have, and I'm looking for a command or something I can add to either.