Steps for investigating DDoS attack

gsidhu
Level 3

Hi

Nexus 7010 with N7K-SUP1 running NXOS 6.2(16).

High CPU occasionally peaking above 90%.

Log filling up with the following messages:

%USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP control mode packet. Drop count:152  - ntpd

%USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop Count:153  - ntpd

These messages appear because there is a vulnerability in the Network Time Protocol (NTP) package of Cisco NX-OS Software.

Two questions:

Does this mean that there is a Distributed denial-of-service (DDoS) attack on the customer network?

Apart from disabling NTP on the device via the "no feature ntp" command, what steps should the customer take to establish whether their network is under attack?

NXOS 6.2(16) is not listed as having this defect and it is still available to download.

Thanks

1 Reply

akdhingr
Level 1

Hello,

As far as I can remember, there was a known defect related to this issue.

Run ethanalyzer and check what traffic is being punted to the CPU.

BR

Ak
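
Added example, not part of the original posts and not Cisco code: one way to quantify the ntpd drop messages quoted in the question, to help judge whether the control/private mode packets arrive as a sustained flood or an occasional probe. The timestamp and hostname prefix, the sample lines, the function name, and the reading of "Drop count" as a single running counter (suggested by the consecutive values 152 and 153) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the ntpd drop message quoted in the question. The two quoted lines
# spell "Drop count" / "Drop Count" differently, so match case-insensitively.
# ASSUMPTION: each line starts with a "YYYY Mon DD HH:MM:SS host" prefix.
DROP_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d+ \d\d:\d\d:\d\d) .*?"
    r"NTP Receive dropping message: Received NTP (?P<mode>control|private) "
    r"mode packet\. Drop count: *(?P<count>\d+)", re.IGNORECASE)

# Constructed sample: message text as on the page, prefix and values invented.
SAMPLE_LOG = """\
2017 Mar 10 09:15:01 N7K-A %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP control mode packet. Drop count:152  - ntpd
2017 Mar 10 09:15:01 N7K-A %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop Count:153  - ntpd
2017 Mar 10 09:15:02 N7K-A %ETHPORT-5-IF_UP: Interface Ethernet1/1 is up
2017 Mar 10 09:15:31 N7K-A %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop Count:213  - ntpd
"""

def summarize_ntp_drops(log_text):
    """Return messages per NTP mode, drop-counter growth, and drops per minute."""
    modes, samples = Counter(), []
    for line in log_text.splitlines():
        m = DROP_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        modes[m["mode"].lower()] += 1
        ts = datetime.strptime(" ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
        samples.append((ts, int(m["count"])))
    if len(samples) < 2:
        return {"modes": dict(modes), "dropped": 0, "per_minute": 0.0}
    # Sum only increases, so a counter reset (ntpd restart) is not counted
    # as a negative number of drops.
    dropped = sum(max(b[1] - a[1], 0) for a, b in zip(samples, samples[1:]))
    seconds = max((samples[-1][0] - samples[0][0]).total_seconds(), 1.0)
    return {"modes": dict(modes), "dropped": dropped,
            "per_minute": dropped / (seconds / 60.0)}

if __name__ == "__main__":
    print(summarize_ntp_drops(SAMPLE_LOG))
```

A high, steady per-minute figure is a reason to capture the punted NTP traffic with ethanalyzer, as the reply suggests, and identify its sources.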
