[nsp] NAT spiking CPU

Niels Bakker niels=cisco-nsp at bakker.net
Tue Sep 9 11:19:40 EDT 2003


Hi,

* limmer at execpc.com (Steve Lim) [Tue 09 Sep 2003, 00:47 CEST]:
> Well, the outbound NAT translations are due to requests for ports 135, 
> 445, et al. The router eventually runs out of source ports to open. 
> I've found that just filtering those ports inbound on the inside 
> interface shortens the NAT table to normal levels, hence allowing my 
> router to function normally again. And that also works on routers as 
> small as 1600s.

I hope you're aware of the fact that these ports are often used as
infection vectors for various worms for the Windows platform.

As such, it may be very worthwhile to investigate the sources of any
occurrences of excessive traffic to these ports, in case you are not
doing so already, of course.


	-- Niels.
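
Added example, not part of the original message: one way to look for the inside hosts behind excessive traffic to these ports is to tally a saved copy of the router's `show ip nat translations` output per inside local address. The sample table, its addresses and the `threshold` value are constructed assumptions for illustration.

```python
from collections import Counter

WORM_PORTS = {135, 445}  # the ports named in the thread

# Constructed sample in the column layout of IOS "show ip nat translations";
# all addresses are documentation/private ranges, not data from the thread.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.0.2.1:1025     10.0.0.23:1025     198.51.100.4:135   198.51.100.4:135
tcp 192.0.2.1:1026     10.0.0.23:1026     198.51.100.5:135   198.51.100.5:135
tcp 192.0.2.1:1027     10.0.0.23:1027     198.51.100.6:445   198.51.100.6:445
tcp 192.0.2.1:1028     10.0.0.41:3312     203.0.113.9:80     203.0.113.9:80
tcp 192.0.2.1:1029     10.0.0.57:4001     198.51.100.7:445   198.51.100.7:445
udp 192.0.2.1:1030     10.0.0.41:1034     203.0.113.53:53    203.0.113.53:53
--- 192.0.2.10         10.0.0.10          ---                ---
"""

def split_endpoint(field):
    """Return (address, port) for 'a.b.c.d:port', or None if there is no port."""
    addr, sep, port = field.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return addr, int(port)

def suspect_hosts(table_text, ports=WORM_PORTS, threshold=2):
    """List (inside host, translation count, distinct outside addresses) for
    hosts with at least `threshold` translations to an outside port in `ports`,
    busiest first. `threshold` is an assumed cut-off, tune it per site."""
    hits, targets = Counter(), {}
    for line in table_text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] not in ("tcp", "udp"):
            continue  # header, static ("---") entries, blank lines
        inside, outside = split_endpoint(cols[2]), split_endpoint(cols[4])
        if inside is None or outside is None or outside[1] not in ports:
            continue
        hits[inside[0]] += 1
        targets.setdefault(inside[0], set()).add(outside[0])
    return [(h, n, len(targets[h])) for h, n in hits.most_common() if n >= threshold]

if __name__ == "__main__":
    for host, count, distinct in suspect_hosts(SAMPLE):
        print(f"{host}: {count} translations to 135/445, "
              f"{distinct} distinct destinations")
```

A host with many translations spread over many distinct outside addresses is the scanning pattern worth checking first; a host with a few entries to one address is more likely ordinary file sharing.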
