[c-nsp] UDP port 19 (chargen ) being punted to CPU ?
Jeffrey G. Fitzwater
jfitz at Princeton.EDU
Mon Aug 27 10:28:55 EDT 2012
We have within the last week noticed high CPU due to packets with DST of port 19 (chargen ) but NOT DST IP of router, being punted to CPU.
We set up monitor port with SRC of RP CPU and both directions and can clearly see constant stream of DST port 19. We can't just block SRC IP or PORT since they are random and probably from BOTs on bogus devices.
On the router port towards our campus, we have an ACL OUTBOUND that drops ( no logging ) for any DST port of 19.
Since the packets are only being sent to hosts on campus and NOT the router itself we see no reason for the packets to be punted to CPU.
Any ideas? What am I missing?
Jeff Fitzwater
OIT Network Systems
Princeton University
More information about the cisco-nsp
mailing list