10-23-2003 07:45 PM - edited 03-09-2019 05:16 AM
hello there,
iam runing a smale scale internet cafe with 6 clent mechines thru a leased line conection my problem is i am geting a trafic to my router from somewhere i dont know how to trace that paticular ip it makes my router very busy it keep occuring every 2 or 3 second intreval and this makes my serfing speed very slow i sense the attack thry the routers TXD and RXD LED,s. in normal operation both LED,s blinks simulationaly when the trafic hits booth LED,s keep blinks at same time. i am having a very hard time with this problem can some one give me a good soulution for this problem?
and how to trace the ips can u sugest some kind of softwear.
please help me
thanks in advance
rimzan
10-23-2003 08:02 PM
You can create a access-list to make your router a packet sniffer to get the IP. This can be done by creating access-list 120 below and appling to your ISP side interface. Once you have the IP
you can then trace through Arin.net to the ISP and
attack it that way, or you can allow black hole the IP once you know it through the ip route command below. The access-list will usage more cpu than normal on the router so do not run for a long time.
I can or other could offer better solutions if you post your running-config. If you choose to due so please change your IP address and remove the passwords so people can not trace back to your router.
Sniffer list:
access-list 120 permit ip any any
debug ip packet list 120
Black hole IP route:
route ip attackers IP netmask null0
10-23-2003 09:14 PM
Hi,
Using a debug IP packet with access-list for permit ip any any would cause a havoc on your router. If you dont have any access-list try to make one for permit ip any any with log key word and see what you get. There are several other ways, e.g. show ip traffic, show ip cache flow. etc. provided your router supports it.
Please see the link below to harden your router.
http://www.cisco.com/warp/public/707/21.html
Especially visit these links and follow the directions to block out NACHI/Blasterm
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml
Thanks
Nadeem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide