Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
354
Views
0
Helpful
2
Replies

tracing malware

Go to solution
mickyq
Level 1
Level 1

‎09-02-2015 03:40 AM - edited ‎03-11-2019 11:32 PM

I have been informed by my ISP that a botnet has been detected and the ip address is the Global PAT address. how do i trace the source ip? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎09-02-2015 05:29 AM

Probably it's not possible any more. What do you need:

  1. An exact timestamp from the event and if possible the destination-address/port.
  2. Your firewall-log showing which PC was communicating at that moment with the destination.
  3. If you are using DHCP, you also need a DHCP-log to see which internal system was using that IP at that time.

Perhaps it's time to migrate to ASA with FirePOWER.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎09-02-2015 05:29 AM

Probably it's not possible any more. What do you need:

  1. An exact timestamp from the event and if possible the destination-address/port.
  2. Your firewall-log showing which PC was communicating at that moment with the destination.
  3. If you are using DHCP, you also need a DHCP-log to see which internal system was using that IP at that time.

Perhaps it's time to migrate to ASA with FirePOWER.

0 Helpful

Go to solution
mickyq
Level 1
Level 1
In response to Karsten Iwen

‎09-02-2015 07:59 AM

Thanks Karsten

I'll put that on my Christmas wish list :-)

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card