[c-nsp] Slammer (1434) attack

Florian Weimer fw at deneb.enyo.de
Wed Dec 22 14:03:37 EST 2004


* Amol Sapkal:

> I did use netflow (ip route-cache flow enabled on every vlan of the
> 6509) and was sruprised to see any entry for Destination port 059A
> (1434) or 0599 (1433) in the output of 'show ip cache flow'.

Do you have MFC2 (and PFC2) or higher?

You should use MLS flows.  "show ip cache flow" only shows packets
forwarded by the "CPU".  Especially in this case, you really want to
keep this number as low as possible (because the CPU is slow). 8-/


More information about the cisco-nsp mailing list