security for cisco 805 router

rimzan
Level 1

Hello there,

I am running a small-scale internet cafe with 6 client machines through a leased line connection. My problem is that I am getting traffic to my router from somewhere. I don't know how to trace that particular IP. It makes my router very busy; it keeps occurring at every 2 or 3 second interval, and this makes my surfing speed very slow. I sense the attack through the router's TXD and RXD LEDs. In normal operation both LEDs blink simultaneously; when the traffic hits, both LEDs keep blinking at the same time. I am having a very hard time with this problem. Can someone give me a good solution for this problem?

And how to trace the IPs? Can you suggest some kind of software?

Please help me.

Thanks in advance,

rimzan

2 Replies

wasonce_2000
Level 1

You can create an access-list to make your router a packet sniffer to get the IP. This can be done by creating access-list 120 below and applying it to your ISP-side interface. Once you have the IP you can then trace through Arin.net to the ISP and attack it that way, or you can black hole the IP once you know it through the ip route command below. The access-list will use more CPU than normal on the router, so do not run it for a long time.

I or others could offer better solutions if you post your running-config. If you choose to do so, please change your IP address and remove the passwords so people cannot trace back to your router.

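Sniffer list:

! ACL 120 matches all IP traffic
access-list 120 permit ip any any

! Privileged EXEC: debug only packets matching ACL 120 (CPU intensive)
debug ip packet 120

Black hole IP route:

! Global configuration: <attacker-ip> and <netmask> are placeholders for the traced source
ip route <attacker-ip> <netmask> null0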

Hi,

Using debug ip packet with an access-list for permit ip any any would cause havoc on your router. If you don't have any access-list, try to make one for permit ip any any with the log keyword and see what you get. There are several other ways, e.g. show ip traffic, show ip cache flow, etc., provided your router supports it.

Please see the link below to harden your router.

http://www.cisco.com/warp/public/707/21.html

Especially visit these links and follow the directions to block out NACHI/Blaster

http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml

Thanks

Nadeem
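
Added example, not part of the thread or of any Cisco tooling: once an ACL entry with the log keyword is in place as suggested above, the resulting syslog lines can be summarised offline to find the busiest source address and what it is sending. It assumes the standard %SEC-6-IPACCESSLOGP / %SEC-6-IPACCESSLOGDP message layout; the sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of IOS ACL log messages (documentation addresses only),
# of the kind produced by an ACL entry that ends in the "log" keyword.
SAMPLE_LOG = """\
Aug 21 10:01:02: %SEC-6-IPACCESSLOGDP: list 120 permitted icmp 203.0.113.7 -> 192.0.2.1 (8/0), 1 packet
Aug 21 10:01:04: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 203.0.113.7(3312) -> 192.0.2.1(135), 1 packet
Aug 21 10:01:05: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 198.51.100.20(1045) -> 192.0.2.1(80), 1 packet
Aug 21 10:06:04: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 203.0.113.7(3312) -> 192.0.2.1(135), 14 packets
Aug 21 10:06:09: %SEC-6-IPACCESSLOGDP: list 120 permitted icmp 203.0.113.7 -> 192.0.2.1 (8/0), 212 packets
"""

# Matches the P variant (tcp/udp with ports) and the DP variant (icmp with type/code).
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\s?\((?P<dinfo>[\d/]+)\))?, (?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Yield (src, proto, dest port or ICMP type/code, packets) per log line."""
    for m in LINE_RE.finditer(text):
        yield m["src"], m["proto"], m["dinfo"], int(m["count"])

def top_talkers(text, n=5):
    """Sum logged packet counts per source address, busiest first."""
    totals = Counter()
    for src, _proto, _dinfo, packets in parse_acl_log(text):
        totals[src] += packets
    return totals.most_common(n)

def traffic_profile(text, src):
    """Packets from one source, keyed by (protocol, dest port or ICMP type/code)."""
    profile = Counter()
    for s, proto, dinfo, packets in parse_acl_log(text):
        if s == src:
            profile[(proto, dinfo)] += packets
    return dict(profile)

if __name__ == "__main__":
    for src, packets in top_talkers(SAMPLE_LOG):
        print(f"{src:15} {packets:6} packets  {traffic_profile(SAMPLE_LOG, src)}")
```

A source that dominates the totals with ICMP echo (8/0) and TCP port 135 matches the traffic the Nachi and Blaster notices linked above describe, and is the address to filter or report to its ISP.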