Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
825
Views
0
Helpful
2
Replies

ROUTER 3945 - ARP TABLE OVERWRITE DoS ATTACK

Go to solution
ROGER FERNANDO MAJO ZACARIAS
Level 1
Level 1

‎06-30-2012 05:44 PM - edited ‎03-07-2019 07:32 AM

Hello,

We are having problems with a two router 3945 in HSRP and a switch 2960.

The two routers are connected to the switch 2960 through differentes ports.

The problem is that we loose connection between the router and the switch.

When we excute the command: show cdp neighbor at router, it shows nothing.

If we try to make ping to the 2960 switch it is no reachable.

If we make ping to the other router 3945 it is not reachable.

All other function of the router are o.k.

We are attaching the IOS of the routers and switch 2960 and a document in which make reference to a BUG in which mention about arp overwrite due arp attack which produce DoS.

Can somebody tell me how to avoid this type of problem, please?.

thanking you in advance.

Roger Majo

Labels:
Preview file
67 KB
Preview file
288 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎07-01-2012 02:43 AM

To post version or other test, simply cut and paste, do not use attachments.

Other that that, update switch IOS and try again.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎07-01-2012 02:43 AM

To post version or other test, simply cut and paste, do not use attachments.

Other that that, update switch IOS and try again.

0 Helpful

Go to solution
ROGER FERNANDO MAJO ZACARIAS
Level 1
Level 1
In response to paolo bevilacqua

‎07-02-2012 02:58 PM

Hi Paolo,

Those router 3945 have the last IOS and have interchanged between them.

Today the process cpu at the main router has reached a 100% value.

When we disconnect the interface Giga from the switch 2960 used as core, the process cpu decrease inmediately to 10% and when we connect again the interface Giga to the switch 2960 the process inmediately reach 100%.

We are very sure that the problem is caused by internal traffic which oversubcribe tha cpu of the router.

Can you tell me what other test we can do to demonstrate that the problem is located into the user network?

Attn.

Roger Majo

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card