[nsp] Detecting hacked boxes on switch

James hampton jamhampton at toast.net
Tue Jul 1 10:27:19 EDT 2003


Our bandwidth meters are maxing out on an incoming link to our provider, this usually means one of our boxes has been hacked and someones pushing a bunch of mp3's or what ever onto one of our boxes. Most of our servers are connected to one of two switches, is there anyway I can look at switchport utilization or some other method on the switch to help narrow down or identify which box is being hacked?
James


More information about the cisco-nsp mailing list