Some OT questions from a mild noob about an IP network
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Buster, Cisco IOS router, T1 connection. But it probably doesn't matter.
I have a /31 transit net (n.n.n.40 to 43) to my ISP. I had everything to/from that net allowed, but I was getting strange hits to odd ports. So, in the border ACL, I allowed 41 and 42, then blocked the entire net to see what was going on. Now I see no traffic on 41 or 42, but lots of activity on 40 and 43 (the edges, that my understanding says aren't used for anything on the transit net).
This ACL is attached to the Internet facing input of the router.
If you can read this, my net seems to be working fine.
Homework: I asked my ISP (last week and no reply yet). I've looked at the web and at my books on IP networking. I couldn't find an answer.
Question 0: Why are IPs 41 and 42 not showing any activity? My current guess is that traffic on those IPs hits the Internet interface and is sucked up before the packets get to the ACL.
Question 1: Have I done something untoward and the ISP is trying to do something with the edges (their alive probes use ICMP to an IP on my T1 net), or are the edges being hit by script kiddies? Or something else that I don't understand at all?
Question 2: Since I see nothing happening on the important IPs, can I just not say anything one way or the other about the transit net and let those packets hit the end of the ACL and be denied?
--
Glenn English
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wsBcBAEBCAAGBQJfGzk/AAoJEObKK1bRaqt3suAH/jMzBfAkEN6r0TqOJGva
7DA5pOMnBOjEKCRUNTUjdndLMyVkn5gmAKv7DlHswM4VUFz/U1tebpp6JXXo
fxEmuEfxLV25AMt09MwNO/upufRKa7XzoOVPPwfgDONtjK82Ggv3p4ZT2ZN3
D6VuxqJ22zC8+Uc13E9fy3TL6JSI5ERnRqRq+sAZv3Vvxq9lX8xQEDNhr+zK
1q6kTsQFaHCu/nJeJRZFDE95e4NT6od3cKoAQR1jU2MTB187DKynPCW24FGr
DoWWLdMLdAg4ooaKgR9938GRk6fTcja7Rpkjyqta8VM1MzTdF07GK2lVBv9R
jTLJEZWApxBu3wZOwHep9CE=
=cakC
-----END PGP SIGNATURE-----
Reply to: