[c-nsp] Monitoring Null0 interface
Kim Onnel
karim.adel at gmail.com
Tue Apr 19 10:49:39 EDT 2005
Hi,
For a mid-sized ISP, on the main internet gateway, we have routes to
Null0 for unused subnets (to be inserted into the routing table -> BGP
table) and other Null0 routes tagged for blackholing.
I managed to set up an MRTG graph for the PPS, as suggested by someone
on the list before, to be able to view worms/port scans. The graphs
show constant traffic on the interface; below are the numbers for
today:
Max packets 100.1 kpkts/sec Average packets 89.7 kpkts/sec
Current packets 0.0 pkts/sec
Max packets 73.1 kpkts/sec Average packets 9805.0 pkts/sec
Current packets 0.0 pkts/sec
Numbers for the whole week:
Max packets 202.0 kpkts/sec Average packets 90.9 kpkts/sec
Current packets 85.1 kpkts/sec
Max packets 172.6 kpkts/sec Average packets 11.6 kpkts/sec
Current packets 7466.0 pkts/sec
OK, so I know there are worms now. This is a 7600 switch; how do I go
next? I can't configure it for NetFlow, for example, to be able to see
such traffic. The only configuration I have on the interface right now
is below:
7600#sh run int null0
!
interface Null0
no ip unreachables
end
Any ideas?