Re: [nsp] Unknown packets

From: Lo, Soi Iam (Humphrey) (losi@macau.ctm.net)
Date: Fri Dec 26 1997 - 02:55:30 EST


At 06:08 PM 1997/12/25 -0500, you wrote:
>> We are using many 2501s, 2511s, 7507 and many sunsparc workstations which
>> are all connected to Cisco 1900 switching hub. However, today I have found
>> that all the routers 2501s, 2511s and sunsparc workstations generate
>> a large number of packets with a destination address 207.17.227.186 and
>> 209.45.172.124. Those unknown packets take a lot of our outgoing bandwidth
>> of 7507.
>>
>> I suspect the switched hub has a problem and I'm going to reset the 1900 or
>> swap to a normal hub if the problem still exists. Do you have any idea or
>> experience for this happening?
>>
>> Humphrey
>>
>
>Humphrey, what kind of packets are they? Is it possible somebody from
>those addresses is receiving some kind of data from your LAN?
>Possibly unauthorized data? Is it possible those are forged packets?
>
>Can you trap a bunch of them to check? I would think it highly unlikely
>that the cisco hub or routers are causing this.
>
>Perhaps put a packet sniffer on the LAN?
>
>-Jon
>

Thanks Jon,

Because of holidays, I didn't check and capture with the protocol analyser
but those unknown packets have been stopped not long ago. The access-list
below was used to stop them from occupying our internet gateway.

gw1>sh access-list 191
Extended IP access list 191
    deny ip any host 207.17.227.186 (3036144 matches)
    deny ip any host 209.45.172.124 (3235972 matches)
    permit ip any any (38367015 matches)
gw1>

Those denied packets were generated from each of our existing cisco routers
and are quite large in number. They were discovered by "sh ip accounting"
from our gateway router. They were all full size packets and took the same
bandwidth for each originating router.

They were originated from the IP address of each router itself but not from
its serial or async interfaces. They were even generated from those idle
routers which are not connected to any other interfaces.

Humphrey
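
Added example, not part of the original message: a Python sketch that parses the "sh access-list" output quoted above, computes how much of the counted traffic hit the deny entries, and compares two counter snapshots to confirm that a flow has stopped. The second snapshot is constructed for illustration, and the function names are hypothetical.

```python
import re

# Matches one entry of an IOS extended ACL as printed by "sh access-list",
# e.g. "    deny ip any host 207.17.227.186 (3036144 matches)".
ENTRY = re.compile(r"^\s+(permit|deny)\s+(.+?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def parse_acl(text):
    """Return {(action, rule): match_count} for every entry in the output."""
    counters = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            action, rule, hits = m.groups()
            counters[(action, rule)] = int(hits or 0)  # no counter shown = 0
    return counters

def deny_share(counters):
    """Fraction of all counted packets that hit a deny entry."""
    total = sum(counters.values())
    denied = sum(n for (action, _), n in counters.items() if action == "deny")
    return denied / total if total else 0.0

def deltas(before, after):
    """Per-entry growth between two snapshots; 0 means the entry went quiet.
    A counter lower than before is treated as cleared and counted from zero."""
    out = {}
    for key, now in after.items():
        prev = before.get(key, 0)
        out[key] = now - prev if now >= prev else now
    return out

# First snapshot: the counters quoted in the message above.
SNAPSHOT_1 = """\
Extended IP access list 191
    deny ip any host 207.17.227.186 (3036144 matches)
    deny ip any host 209.45.172.124 (3235972 matches)
    permit ip any any (38367015 matches)
"""
# Second snapshot: constructed sample, taken later with the deny counters static.
SNAPSHOT_2 = """\
Extended IP access list 191
    deny ip any host 207.17.227.186 (3036144 matches)
    deny ip any host 209.45.172.124 (3235972 matches)
    permit ip any any (38391200 matches)
"""
```

On the quoted counters the deny entries account for roughly 14% of all packets the list has counted; a zero delta on both deny entries between snapshots is what "stopped" looks like in the counters.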


