I work as a Network Security Administrator for an ISP. We have two failover bundled PIX 525 firewalls with version 6.3(3). Recently the CPU usage of the firewall became nearly 100%, denying access to our services from outside. After failing over to the secondary and performing the sh conn command, I see that there are a lot of DNS requests to our DNS servers. I shut down the secondary DNS and it seems the CPU usage of the firewall drops down a little bit. What is causing the high CPU usage? Is this a DoS attack on our DNS?
Re: PIX 525 firewall version 6.3(3) high CPU usage
Try to log these packets to a syslog and see the source IP addresses. These can be some kind of DoS attacks... you need to analyse this traffic using some kind of an intrusion detection box.
Best thing is to block all unnecessary traffic on the perimeter router using access control lists. After that, include an IPS appliance which will monitor and block all kinds of attacks and vulnerabilities. You can probably look for an IPS 4215 or 4240. Doing this, you will maximise the security on your network.
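
An added example, not part of the original reply: one way to tally the source addresses behind the DNS load once connection logging is sent to syslog. It assumes the PIX "Built inbound UDP connection" message (ID 302015) is being logged; the log lines, hostname and addresses below are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the style of PIX connection-built messages.
SAMPLE_LOG = """\
Mar 01 10:00:01 pix525 %PIX-6-302015: Built inbound UDP connection 1001 for outside:198.51.100.7/4321 (198.51.100.7/4321) to inside:192.0.2.53/53 (192.0.2.53/53)
Mar 01 10:00:01 pix525 %PIX-6-302015: Built inbound UDP connection 1002 for outside:198.51.100.7/4322 (198.51.100.7/4322) to inside:192.0.2.53/53 (192.0.2.53/53)
Mar 01 10:00:02 pix525 %PIX-6-302015: Built inbound UDP connection 1003 for outside:203.0.113.20/5500 (203.0.113.20/5500) to inside:192.0.2.53/53 (192.0.2.53/53)
Mar 01 10:00:02 pix525 %PIX-6-302015: Built inbound UDP connection 1004 for outside:198.51.100.7/4323 (198.51.100.7/4323) to inside:192.0.2.53/53 (192.0.2.53/53)
Mar 01 10:00:03 pix525 %PIX-6-302015: Built inbound UDP connection 1005 for outside:203.0.113.21/6100 (203.0.113.21/6100) to inside:192.0.2.54/53 (192.0.2.54/53)
Mar 01 10:00:03 pix525 %PIX-6-302015: Built inbound UDP connection 1006 for outside:203.0.113.22/123 (203.0.113.22/123) to inside:192.0.2.60/123 (192.0.2.60/123)
Mar 01 10:00:04 pix525 %PIX-6-302013: Built inbound TCP connection 1007 for outside:203.0.113.23/3300 (203.0.113.23/3300) to inside:192.0.2.80/80 (192.0.2.80/80)
Mar 01 10:00:04 pix525 %PIX-6-302015: Built inbound UDP connection 1008 for outside:198.51.100.7/4324 (198.51.100.7/4324) to inside:192.0.2.53/53 (192.0.2.53/53)
"""

# Matches only inbound UDP connection-built messages and captures both endpoints.
BUILT_UDP = re.compile(
    r"%PIX-6-302015: Built inbound UDP connection \d+ "
    r"for (?P<src_if>\S+?):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \([^)]*\) "
    r"to (?P<dst_if>\S+?):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)


def dns_sources(log_text, dns_servers):
    """Count inbound UDP/53 connections per source IP toward the given DNS servers."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BUILT_UDP.search(line)
        if m and m["dst_port"] == "53" and m["dst_ip"] in dns_servers:
            counts[m["src_ip"]] += 1
    return counts


def top_talkers(counts, min_share=0.5):
    """Return (ip, count) pairs for sources with at least min_share of all DNS connections."""
    total = sum(counts.values())
    if total == 0:
        return []
    return [(ip, n) for ip, n in counts.most_common() if n / total >= min_share]


if __name__ == "__main__":
    servers = {"192.0.2.53", "192.0.2.54"}  # constructed DNS server addresses
    per_source = dns_sources(SAMPLE_LOG, servers)
    for ip, n in per_source.most_common():
        print(f"{ip:15} {n}")
    print("dominant sources:", top_talkers(per_source))
```

Because UDP source addresses can be spoofed, the per-source counts are a starting point for the traffic analysis rather than proof of who is sending the queries.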