Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

security for cisco 805 router

hello there,

iam runing a smale scale internet cafe with 6 clent mechines thru a leased line conection my problem is i am geting a trafic to my router from somewhere i dont know how to trace that paticular ip it makes my router very busy it keep occuring every 2 or 3 second intreval and this makes my serfing speed very slow i sense the attack thry the routers TXD and RXD LED,s. in normal operation both LED,s blinks simulationaly when the trafic hits booth LED,s keep blinks at same time. i am having a very hard time with this problem can some one give me a good soulution for this problem?

and how to trace the ips can u sugest some kind of softwear.

please help me

thanks in advance

rimzan

2 REPLIES
New Member

Re: security for cisco 805 router

You can create a access-list to make your router a packet sniffer to get the IP. This can be done by creating access-list 120 below and appling to your ISP side interface. Once you have the IP

you can then trace through Arin.net to the ISP and

attack it that way, or you can allow black hole the IP once you know it through the ip route command below. The access-list will usage more cpu than normal on the router so do not run for a long time.

I can or other could offer better solutions if you post your running-config. If you choose to due so please change your IP address and remove the passwords so people can not trace back to your router.

Sniffer list:

access-list 120 permit ip any any

debug ip packet list 120

Black hole IP route:

route ip attackers IP netmask null0

Cisco Employee

Re: security for cisco 805 router

Hi,

Using a debug IP packet with access-list for permit ip any any would cause a havoc on your router. If you dont have any access-list try to make one for permit ip any any with log key word and see what you get. There are several other ways, e.g. show ip traffic, show ip cache flow. etc. provided your router supports it.

Please see the link below to harden your router.

http://www.cisco.com/warp/public/707/21.html

Especially visit these links and follow the directions to block out NACHI/Blasterm

http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml

Thanks

Nadeem

104
Views
0
Helpful
2
Replies
CreatePlease to create content