Network connectivity

Unanswered Question
Sep 6th, 2003
User Badges:

I have a router that gives me exit to the Internet and since about 4 days ago when I ran the command

" sh proces " it's showing 59 % to 65 % when the norm has been 3% to 10 %.

So there is a device or several of them that are causing too much traffic due to an electronic problem or a virus or excessive use by the user. I want to know:

1. - What can I do to identify the IP or the MAC address of the device(s) that are causing this traffic?

2. - There is any kind of access-list or debug mechanism that help to identify this devices?

3. - There is an any kind of software, even if different from Cisco product tat can help me to troubleshoot this problem?

4.- By tha way, there is any way to stop or control viruses coming into the system from the router?


Thanks for any help I can have from you all


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jprada Mon, 09/08/2003 - 22:02
User Badges:

Jay

Thanks, I am looking into the links.


J.P

Anonymous (not verified) Tue, 09/09/2003 - 00:09
User Badges:

do a ip accounting on the ethernet inetrefaces and look for 92 bytes and 48 bytes packets. Lots of them comming from same hosts. If this is the case you have a virus on the source ip addresses.

To block the 92 bytes you only need an ext accesslist

deny icmp any any echo

deny icmp any any echo-reply

for the 48 bytes I'm not sure but Cisco has generated a common accesslist for these viruses search the web. The problem with thius one it thends to block alot of other traffic as well.

good luck


jprada Mon, 09/15/2003 - 00:19
User Badges:

Thanks for your response. This is the access-list created and it is in effect:


Access-list 120 Applied to Fast Ethernet0/0 to watch incoming traffic

Deny tcp any any eq 135 log

Deny udp any any eq 135 log

Deny tcp any any eq 137 log

Deny udp any any eq netbios-ns

Deny tcp any any eq 138 log

Deny udp any any eq netbios-dgm

Deny tcp any any eq 139 log

Deny udp any any eq netbios-ss

Deny tcp any any eq 445

Deny tcp any any eq 445

Deny tcp any any eq 4444

Deny tcp any any eq 4444

Deny icmp any any echo

Deny icmp any any echo-reply

Permit ip any any


So far it is producing some ip numbers and we are on it.


Actions

This Discussion