Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 525 firewall version 6.3(3) high CPU usage

Dear guys,

I work as a Network Security Administrator for an ISP. We have two failover bundled PIX 525 firewalls with version 6.3(3). Recently the cpu usage of the firewall become nearly 100% denying accecss to our services from outside. After failing over to the secondary and performing sh conn command I see that there is a lot of DNS request to our DNS servers. I shutdown the secondary DNS and it seems the CPU usage of the firewall drops down a little bit. What is causing the high CPU usage? it this a DoS attack to our DNS?

Please help me on this.

regards,

1 REPLY

Re: PIX 525 firewall version 6.3(3) high CPU usage

Hello

Try to log these packets onto a syslog and see the source IP addresses. These can be some kind of Dos attacks... you need to analyse this traffic using some kind of an intrusion detection box.

Best thing is to block all unnecessary traffic on the perimeter router using access control lists. After that , include an IPS appliance which will monitor and block all kinds of attacks and vulnarabilities. YOu can probably look for an IPS 4215 or 4240. Doing this , you will maximise the security on your network.

HOpe this helps.. rate replies if found useful..

Raj

178
Views
0
Helpful
1
Replies
CreatePlease to create content