Cisco Router Halp!

From: Ken (SHIELDSIT) 6 Jul 2011 14:46
To: ALL 1 of 18
I know I've asked before but is anyone very good with the Cisco stuff?

I appear to be getting DDOS'd or something. And I can't get the web interface to load at all on the router. The WAN connection is dropping and I'm getting the following messages:

quote:

*Oct 12 01:28:16.983: %FW-4-ALERT_ON: getting aggressive, count (9/500) current 1-min rate: 501
*Oct 12 01:28:35.147: %FW-4-ALERT_OFF: calming down, count (7/400) current 1-min rate: 320


From what I can tell from the limited internet I have, this is coming from the firewall. Which I don't even want enabled. Hence the reason I'd like to load the interface and turn it off.

Any idears?
From: Wattsy (SLAYERPUNX) 6 Jul 2011 15:23
To: Ken (SHIELDSIT) 2 of 18
Connect via console?
From: Ken (SHIELDSIT) 6 Jul 2011 15:31
To: Wattsy (SLAYERPUNX) 3 of 18
Yeah I am and I've got a syslog server running now. It shows that I'm getting loads of traffic. On the phone with my ISP right now.
From: Ken (SHIELDSIT) 6 Jul 2011 15:33
To: Wattsy (SLAYERPUNX) 4 of 18
HA, their answer is to unplug all of my equipment. Which isn't bad when it's not during work hours. Fuck...
From: Wattsy (SLAYERPUNX) 6 Jul 2011 15:51
To: Ken (SHIELDSIT) 5 of 18

Excellent way to fix it, you obviously don't need that expensive Cisco stuff cluttering up the place.

I honestly can't remember what to change, sat on a hospital bed with a drip so don't have my resources in front of me. Will have a look when I get home.

From: Ken (SHIELDSIT) 6 Jul 2011 15:56
To: Wattsy (SLAYERPUNX) 6 of 18
Oh shit, what's wrong?
From: Wattsy (SLAYERPUNX) 6 Jul 2011 16:06
To: Ken (SHIELDSIT) 7 of 18
Oh just routine treatment for my kidney disease. IV-fed steroids, Mmmmm yummy. Erg. Month 5 now. Not going too well either.
From: Ken (SHIELDSIT) 6 Jul 2011 16:31
To: Wattsy (SLAYERPUNX) 8 of 18
Well that blows!

(hug)
From: Wattsy (SLAYERPUNX) 6 Jul 2011 17:36
To: Ken (SHIELDSIT) 9 of 18
And sucks at the same time.
From: Ken (SHIELDSIT) 6 Jul 2011 18:39
To: Wattsy (SLAYERPUNX) 10 of 18
No doubt! Well I found the culprit. Bad NIC or infected machine at one of the remote sites was flooding the WAN. No idea how I figured it out.
From: Serg (NUKKLEAR) 7 Jul 2011 09:24
To: Ken (SHIELDSIT) 11 of 18
Hunches are wonderful things - you get more and more of them as you age... er, I mean as you become more experienced.
From: 99% of gargoyles look like (MR_BASTARD) 7 Jul 2011 09:57
To: Serg (NUKKLEAR) 12 of 18
Try telling that to Quasimodo.
From: Serg (NUKKLEAR) 7 Jul 2011 11:50
To: 99% of gargoyles look like (MR_BASTARD) 13 of 18
I'm starting to see Drew's point...
From: Ken (SHIELDSIT) 7 Jul 2011 12:54
To: Serg (NUKKLEAR) 14 of 18
It was infected. Hard for me to believe that was the cause, but I guess I'll find out today.
From: patch 7 Jul 2011 13:16
To: Ken (SHIELDSIT) 15 of 18

Your hunch was infected? Messy.

Google seems to suggest that it may have something to do with Kazaa or some such P2P application.

From: Ken (SHIELDSIT) 7 Jul 2011 13:25
To: patch 16 of 18
I'm usually infected with something :-P

I've seen this happen with bad NICs but that doesn't seem to be the case. As soon as I turned it on here at the office it came up as infected. Cleaning it up now.
From: 99% of gargoyles look like (MR_BASTARD) 7 Jul 2011 17:10
To: Serg (NUKKLEAR) 17 of 18
Oi, don't get the hump with me!
From: Ken (SHIELDSIT) 7 Jul 2011 17:19
To: Serg (NUKKLEAR) 18 of 18
I meant to laugh at this, because when I read it it did make me chuckle. So...

:'-D