https://community.cisco.com/t5/network-security/tracing-malware/m-p/2751002#M179161 <P>I have been informed by my ISP that a botnet has been detected and the ip address is the Global PAT address. how do i trace the source ip?&nbsp;</P> Tue, 12 Mar 2019 06:32:03 GMT mickyq 2019-03-12T06:32:03Z https://community.cisco.com/t5/network-security/tracing-malware/m-p/2751002#M179161 <P>I have been informed by my ISP that a botnet has been detected and the ip address is the Global PAT address. how do i trace the source ip?&nbsp;</P> Tue, 12 Mar 2019 06:32:03 GMT https://community.cisco.com/t5/network-security/tracing-malware/m-p/2751002#M179161 mickyq 2019-03-12T06:32:03Z https://community.cisco.com/t5/network-security/tracing-malware/m-p/2751003#M179162 <P>Probably it's not possible any more. What do you need:</P><OL><LI>An exact timestamp from the event and if possible the destination-address/port.</LI><LI>Your firewall-log showing which PC was communicating at that moment with the destination.</LI><LI>If you are using DHCP, you also need a DHCP-log to see which internal system was using that IP at that time.</LI></OL><P>Perhaps it's time to migrate to <A href="http://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html">ASA with FirePOWER</A>.</P> Wed, 02 Sep 2015 12:29:52 GMT https://community.cisco.com/t5/network-security/tracing-malware/m-p/2751003#M179162 Karsten Iwen 2015-09-02T12:29:52Z https://community.cisco.com/t5/network-security/tracing-malware/m-p/2751004#M179163 <P>Thanks Karsten</P><P>I'll put that on my Christmas wish list <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P> Wed, 02 Sep 2015 14:59:52 GMT https://community.cisco.com/t5/network-security/tracing-malware/m-p/2751004#M179163 mickyq 2015-09-02T14:59:52Z