Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 805 - 100% Utilization

Status
Not open for further replies.
LoveM

LoveM

MIS
Sep 14, 2001
14
BE
Hi,

Before I go any further I must state, that I know NOTHING about the Cisco 805 Router.

We have an 805 router which is connected to our ISP via a least line.

For some strange reason since yesterday at about 6pm the internet traffic has been a constant 100%.

Is there any whay I can see what is happening on the router. I have asked everyone if they are downloading anything from FTP, but everyone has said that they arn't.

According to our on-line stats for our ISP it's traffic coming into our company.

Thanks in advance;

Martin
 
Sort by date Sort by votes
Thanks for the answer Bojika, but could you please be a bit more specific.

Are you talking about the Virus, if so. I have CA InoculLan with the latest updates on all of our servers.

Thanks.
 
Upvote 0 Downvote
What he means is that your router may be getting hit by all the port 80 scanning requests from infected PCs.. this would only be true if your router is blocking the requests either through an access list or you have some firewall software setup on the router.

Other sources of CPU hogging..

bad route tables using OSPF or EIGRP (BGP would not apply here)
ARP storm from a local PC or print server
out of memory for some reason on the router
Link congestion

Mike S
Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Upvote 0 Downvote
The arp storm is part and parcel of the code red deal.
arp whohas ?
running tcpdump on my l'ix box I can watch my webserver get pounded.
If anyone is interested I wrote a little pice of code that will parse an apache log file for nimda/code red entries and it would be easy to feed the output to a packet filter-
some of the attackers/infected boxes are pretty amusing.
it is in the linux server forum.
 
Upvote 0 Downvote
Thanks for the replies, but what I'm looking for is commands or something that I can use on the router to see exactly what it's doing. What traffic, where it's coming from etc.

I have checked all the pc's and servers and they seem to be virus free.

Thanks again.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
223
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
204
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
206
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
209
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
265
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top