×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Help me for the router suffered by the Virus.

Unanswered Question
May 5th, 2002
User Badges:

Experts

One of our client (a Little Service Provider) use a 7204vxr as there

Internet Access Router, they use NAT for their clients, but recently,

the router is always suffered by High CPU Utilization, when they use the

command "show ip nat trans" , a big amount of connection with the same

src & dst ip address are found, maybe caused by RedCode or the Virus

similar, when use "clear ip nat trans *" the CPU Utilization dived down ,

My problem is how to resolve it efficiently?


Thanks in advance

Bryan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
waltersm Mon, 05/06/2002 - 03:14
User Badges:

Bryan

The best idea is probably to apply an ACL on the LAN interface refusing traffic using that dst and src - just until you can clean up the infected machine.. This will at least keep it from using up CPU.. Better still: take that machine offline :)

-Matt

crgarcia3 Mon, 05/06/2002 - 05:37
User Badges:

You may want to check the problem against a recent bug release on the 7200 VXR routers:


The link:


Title: Field Notice: Mueslix Halts on Cisco 7200 Series Routers


URL: http://www.cisco.com/warp/customer/770/fn18950.shtml


Posted: April 25, 2002


Summary: On a Cisco 7200 Router, when the mueslix serial port

adapters are used with a high bandwith port adapter (like ATM)

in the same PCI bus, the serial interface may stop functioning

when NVRAM is accessed. This can occur when the interface traffic

rates reach approximately 50 percent on the serial and high

bandwidth interfaces.


Hope the above information will be able to assist you.


C


Actions

This Discussion