447 Views, 0 Helpful, 3 Replies
madonamadona
Beginner

trace an issue / network

Dear community,

 

We have the following issue and hope someone can help:

We have a huge network (over 200 VLANs), 50 Cisco switches (incl. 12 Cisco core switches), 12 servers, 2 ASA 5550, and .....

Our homepage is hosted by an external company and went down 2 days ago. The hosting company said that their server is being hit very often from inside our network, which is why our external IP (which is our firewall IP) has been blocked, so we need to block cPanel ports for the outbound traffic (ports 2082, 2085).

Is there any way to know which network or user is causing this, e.g. syslog in the ASAs?

Many thanks

3 REPLIES 3
mattjones03
Beginner

Hi,

What I would suggest in this instance would be to set up NetFlow on your ASA or a SPAN port on the interfaces that are connecting to your firewalls.

Once you have established the NetFlow configuration, install the free version of Paessler PRTG, and configure a NetFlow sensor (custom).

Within the custom NetFlow sensor on PRTG, configure a filter that will look for all traffic with a destination port of 2082, 2085 and the destination of your hosting provider. That will provide you with the source IP address of the device completing the connection.

Did the ACL that we discussed in "https://supportforums.cisco.com/discussion/13177726/need-block-cpanel-ports-asa-5550-please" resolve this issue?

More than happy to assist further if required.
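The filter described in the reply above (destination port 2082 or 2085, destination the hosting provider, report the source IP) can also be run over ASA syslog, which is what the question asks about. The following is an added example, not part of the original posts: it assumes ASA messages 106023 (ACL deny) and 302013 (TCP connection built) are being logged, and the hostname, interface names, ACL name and all addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of ASA syslog 106023 and 302013.
# Addresses are documentation/private ranges; 203.0.113.10 stands in for
# the hosting provider's server.
SAMPLE_LOG = """\
Mar 01 10:00:01 fw1 %ASA-4-106023: Deny tcp src inside:10.20.30.41/50112 dst outside:203.0.113.10/2082 by access-group "inside_out" [0x0, 0x0]
Mar 01 10:00:02 fw1 %ASA-4-106023: Deny tcp src inside:10.20.30.41/50113 dst outside:203.0.113.10/2085 by access-group "inside_out" [0x0, 0x0]
Mar 01 10:00:05 fw1 %ASA-4-106023: Deny tcp src inside:10.20.44.7/49200 dst outside:203.0.113.10/2082 by access-group "inside_out" [0x0, 0x0]
Mar 01 09:58:40 fw1 %ASA-6-302013: Built outbound TCP connection 7741 for outside:203.0.113.10/2082 (203.0.113.10/2082) to inside:10.20.30.41/50120 (198.51.100.1/50120)
Mar 01 10:00:09 fw1 %ASA-4-106023: Deny tcp src inside:10.20.30.41/50114 dst outside:198.51.100.9/2082 by access-group "inside_out" [0x0, 0x0]
Mar 01 10:00:11 fw1 %ASA-6-302013: Built outbound TCP connection 7742 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.20.55.3/51000 (198.51.100.1/51000)
"""

CPANEL_PORTS = {2082, 2085}   # ports named in the thread
HOSTING_IP = "203.0.113.10"   # placeholder: replace with the provider's address

# 106023: denied by ACL; source is listed first, destination second.
DENY = re.compile(
    r"%ASA-\d-106023: Deny tcp src [^:\s]+:(?P<src>[\d.]+)/\d+ "
    r"dst [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
# 302013 outbound: the remote (outside) end is listed first, the inside
# client second, so the field order is reversed compared with 106023.
BUILT = re.compile(
    r"%ASA-\d-302013: Built outbound TCP connection \d+ for "
    r"[^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) "
    r"to [^:\s]+:(?P<src>[\d.]+)/\d+")

def top_sources(log_text, dst_ip=HOSTING_IP, ports=CPANEL_PORTS):
    """Count inside source IPs that reached, or were denied reaching,
    dst_ip on one of the given destination ports; busiest first."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY.search(line) or BUILT.search(line)
        if m and m["dst"] == dst_ip and int(m["dport"]) in ports:
            hits[m["src"]] += 1
    return hits.most_common()

if __name__ == "__main__":
    for src, count in top_sources(SAMPLE_LOG):
        print(f"{src}\t{count}")
```

Because the ASA logs the real (pre-NAT) inside address in both messages, the top entries map directly to a host and, through its subnet, to one of the VLANs.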

Many thanks mattjones03, I'll give it a try and report back.


The ACL worked perfectly (got about 80 hits after 30 mins) and the homepage is working again, you are a star.


So, that’s why I would like to know which source is causing this and stop it or at least stop it from using the cPanel ports.

Thanks again

Perfect,

Let me know how it goes, and if there is anything else I can do to assist.