Checking port range sources on Cisco ASA 5500

One of my remote users got a nasty trojan that apparently spammed and got us listed on a spam RBL.  I know exactly which trojans are the problem, and am working on cleaning this client up, but I want to make sure none of my other clients are also infected.  Here's the description of it:

ZeuSv3 takes advantage of P2P techniques by communicating with other nodes (=infected computers) on high ports (UDP and TCP).

To find an infected computer on a NATted network you will have to search through your firewall logs for connections from/to UDP port 11245. However, any process or host sending/receiving large numbers of UDP or TCP packets on high ports (10,000 and higher) should be looked at closely.

This is exactly what I want to do.  I want to check/monitor logs for any other clients on my network tx/rx large numbers on these ports that may be infected.  What is the best way to do this in my Cisco ASA 5500?  I am somewhat familiar with cios but not sure how to do this. Thank you!
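Added example (not part of the original post or any reply): one way to run the log search described in the quoted text, as a Python script over ASA "Built connection" syslog messages (302013 for TCP, 302015 for UDP), which the ASA emits at the informational logging level. The interface name `inside`, the threshold of 3, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# ASA "Built connection" syslog messages: 302013 = TCP, 302015 = UDP.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?:inbound|outbound) (TCP|UDP) connection \d+ "
    r"for (\S+?):([\d.]+)/(\d+) \([^)]*\) "
    r"to (\S+?):([\d.]+)/(\d+)"
)
ZEUS_P2P_UDP_PORT = 11245  # UDP port named in the description quoted in the post
HIGH_PORT = 10000          # "high ports" floor from the same description

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    "%ASA-6-302015: Built outbound UDP connection 1001 for outside:203.0.113.7/11245 (203.0.113.7/11245) to inside:192.168.1.23/52110 (198.51.100.2/52110)",
    "%ASA-6-302015: Built outbound UDP connection 1002 for outside:203.0.113.9/23871 (203.0.113.9/23871) to inside:192.168.1.23/52111 (198.51.100.2/52111)",
    "%ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.12/18044 (203.0.113.12/18044) to inside:192.168.1.23/52112 (198.51.100.2/52112)",
    "%ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.80/443 (203.0.113.80/443) to inside:192.168.1.40/49822 (198.51.100.2/49822)",
    "%ASA-6-302015: Built outbound UDP connection 1005 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.40/61000 (198.51.100.2/61000)",
]

def suspects(lines, inside_if="inside", threshold=3):
    """Return {inside_ip: {"high": n, "p2p": n}} for hosts worth a closer look."""
    high, p2p = Counter(), Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue
        proto, if_a, ip_a, port_a, if_b, ip_b, port_b = m.groups()
        if if_a == inside_if:      # work out which endpoint is the internal client
            local_ip, local_port, remote_port = ip_a, int(port_a), int(port_b)
        elif if_b == inside_if:
            local_ip, local_port, remote_port = ip_b, int(port_b), int(port_a)
        else:
            continue
        if proto == "UDP" and ZEUS_P2P_UDP_PORT in (local_port, remote_port):
            p2p[local_ip] += 1
        # Client source ports are ephemeral and normally high, so only the remote port counts.
        if remote_port >= HIGH_PORT:
            high[local_ip] += 1
    return {ip: {"high": high[ip], "p2p": p2p[ip]}
            for ip in set(high) | set(p2p)
            if p2p[ip] or high[ip] >= threshold}

if __name__ == "__main__":
    for ip, hits in sorted(suspects(SAMPLE).items()):
        print(ip, hits)
```

Any hit on UDP 11245 flags a host regardless of the threshold; the high-port count alone is only a prompt to look closer, since legitimate applications also use high remote ports.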
