Cisco PIX Firewall CPU Climbing to 95%
CLI Guru - Cisco Training and Consulting Center


  1. #1
    A.Murat BAYRAM Guest

    Cisco PIX Firewall CPU Climbing to 95%

    Hello,

    I am monitoring with PDM. The CPU of our PIX firewall, which normally runs at
    around 20-30%, suddenly climbs to 95-100%, especially at times when traffic is
    heavy, and the firewall becomes unreachable. Sometimes it recovers on its own
    after a while (around 10-15 minutes), sometimes it has to be power-cycled, and
    sometimes even power-cycling does not help because the CPU hits the ceiling again
    within a very short time... Of course, these outages leave users unable to reach
    the Internet.

    When I ran sh xlate, I saw 28424 in use, 32702 most used. These numbers looked
    abnormal to me.
    There are 11 global outside IP addresses defined, and NAT is done for 11 VLANs
    on the internal network. About 1500 computers reach the Internet through these NATs.

    What could cause the CPU to spike abnormally like this? Below I am sending the
    sh ver output and a summarized sh run output...
    Regards

    Murat BAYRAM
    Yuzuncu Yil Universitesi
    ------------------------------------------------------

    PixFirewall# sh ver

    Cisco PIX Firewall Version 6.3(3)
    Cisco PIX Device Manager Version 3.0(1)

    Compiled on Wed 13-Aug-03 13:55 by morlee

    PixFirewall up 43 mins 40 secs

    Hardware: PIX-515, 128 MB RAM, CPU Pentium 200 MHz
    Flash i28F640J5 @ 0x300, 16MB
    BIOS Flash AT29C257 @ 0xfffd8000, 32KB

    0: ethernet0: address is 0003.e300.6df7, irq 10
    1: ethernet1: address is 0003.e300.6df8, irq 7
    Licensed Features:
    Failover: Enabled
    VPN-DES: Enabled
    VPN-3DES-AES: Enabled
    Maximum Physical Interfaces: 6
    Maximum Interfaces: 10
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: Unlimited
    Throughput: Unlimited
    IKE peers: Unlimited

    This PIX has an Unrestricted (UR) license.

    Serial Number: xxxxxxxxxxx (xxxxxxxxxx)
    Running Activation Key: xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx
    Configuration last modified by enable_15 at 13:51:20.359 EEDT Wed Sep 15 2004


    ----------------------------------

    PixFirewall# sh run
    : Saved
    :
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password xxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxx encrypted
    hostname PixFirewall
    domain-name yyu.edu.tr
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    fixup protocol dns maximum-length 512
    fixup protocol domain 53
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    pager lines 24
    logging timestamp
    logging trap critical
    logging facility 16
    logging host inside 10.100.0.65
    mtu outside 1500
    mtu inside 1500
    ip address outside 193.255.143.253 255.255.255.0
    ip address inside 10.100.0.5 255.255.0.0
    ip audit info action alarm drop
    ip audit attack action alarm drop
    no failover
    failover timeout 0:00:00
    failover poll 15
    no failover ip address outside
    no failover ip address inside
    pdm location 10.1.10.0 255.255.255.0 inside
    pdm location 10.1.30.0 255.255.255.0 inside
    pdm location 10.1.40.0 255.255.255.0 inside
    pdm location 10.1.50.0 255.255.255.0 inside
    pdm location 10.1.70.0 255.255.255.0 inside
    pdm location 10.1.80.0 255.255.255.0 inside
    pdm location 10.1.90.0 255.255.255.0 inside
    ..
    ..
    ..
    ..
    ..
    ..
    ..

    global (outside) 1 193.255.143.230
    global (outside) 6 193.255.143.53
    global (outside) 2 193.255.143.58
    global (outside) 3 193.255.143.50
    global (outside) 4 193.255.143.51
    global (outside) 5 193.255.143.52
    global (outside) 8 193.255.143.54
    global (outside) 9 193.255.143.55
    global (outside) 10 193.255.143.56
    global (outside) 11 193.255.143.57
    global (outside) 7 193.255.143.59
    nat (inside) 2 10.90.0.0 255.255.0.0 dns 0 0
    nat (inside) 1 10.100.0.0 255.255.0.0 dns 0 0
    nat (inside) 3 10.110.0.0 255.255.0.0 dns 0 0
    nat (inside) 4 10.120.0.0 255.255.0.0 dns 0 0
    nat (inside) 5 10.130.0.0 255.255.0.0 dns 0 0
    nat (inside) 6 10.140.0.0 255.255.0.0 dns 0 0
    nat (inside) 7 10.145.0.0 255.255.0.0 dns 0 0
    nat (inside) 8 10.150.0.0 255.255.0.0 dns 0 0
    nat (inside) 9 10.160.0.0 255.255.0.0 dns 0 0
    nat (inside) 10 10.170.0.0 255.255.0.0 dns 0 0
    nat (inside) 11 10.180.0.0 255.255.0.0 dns 0 0
    ..
    ..
    ..
    ..

    rip outside default version 1
    rip inside default version 1
    ..
    ..
    ..
    ..
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    ..
    ..
    ..
    floodguard enable
    sysopt connection permit-ipsec
    sysopt noproxyarp inside
    ..
    ..
    telnet timeout 5
    console timeout 0
    terminal width 80
    Cryptochecksum:4bede6c240346fa9f1b4f85f5452ac07
    : end






    This list has no affiliation with Cisco Systems.

    To leave the list, you can send an e-mail to [email][email protected][/email].
    Yahoo! Groups Links

    <*> To visit your group on the web, go to:
    [url]http://groups.yahoo.com/group/cisco-ttl/[/url]

    <*> To unsubscribe from this group, send an email to:
    [email][email protected][/email]

    <*> Your use of Yahoo! Groups is subject to:
    [url]http://docs.yahoo.com/info/terms/[/url]




  2. #2
    Serhat Uslay Guest

    Re: Cisco PIX Firewall CPU Climbing to 95%


    I don't know whether you have seen this before; if not, I'd suggest reading it.
    [url]http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml[/url]
    Have you looked at the interface traffic?
    Also, is there a reason for running RIP v1?

    serhat



  3. #3
    Mehmet Ali Suzen Guest

    Re: Cisco PIX Firewall CPU Climbing to 95%

    Good day,
    Maybe this will be useful to you:
    [url]http://www.cisco.com/warp/public/110/pixperformance.html[/url]
    Good luck
    Mehmet





  4. #4
    A.Murat BAYRAM Guest

    Re: Cisco PIX Firewall CPU Climbing to 95%

    I had not seen the address you gave; that was helpful.
    The show xlate section has the following note:

    Note: A single host can have multiple connections to various destinations, but only
    one translation. If the xlate count is much larger than the number of hosts on your
    internal network, it is possible that one of your internal hosts has been
    compromised and is spoofing its source address and sending packets out the PIX.

    I think the answer to the problem is here. Although I took the term "compromised"
    in the sense of reaching an agreement, I could not understand what it corresponds
    to on the PIX. How will we find out which of the internal hosts is compromised
    and spoofing?

    Also, is it necessary to use RIP v2?





  5. #5
    serust Guest

    Re: Cisco PIX Firewall CPU Climbing to 95%

    I have installed PIX at many sites with very heavy Internet traffic, such as
    banks and universities, and I have never seen it reach the percentages you mention.
    With the xlate values you gave, it comes to 20 connections per IP, which is
    a very abnormal situation. Do you have an IDS? Do you have a way to listen on
    the inside or outside leg of the PIX? You can also capture with Sniffer.
    Could it be something like a virus?
    Another thing that comes to mind: is debug turned on on the PIX? Could you have
    enabled it for something earlier and forgotten it? That is about the only thing
    that could push the PIX's CPU to the ceiling like this...
    Also, there was a hang problem in PIXes manufactured 2 years ago.
    Could your PIX be in that serial range?
    [url]http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_field_notice09186a00800949c7.shtml[/url]

    You can get detailed information at that address. Cisco replaces the PIX
    free of charge.

    Good luck to everyone, friends

    Serkan Ustundag

    Network and Security Engineer
    CCNP,CCDP,CCSE
    CCSP (Cisco Certified Security Professional)
    Cisco Network Management Specialist








  6. #6
    serust Guest

    Re: Cisco PIX Firewall CPU Climbing to 95%

    Actually, that statement should be interpreted as follows.
    If traffic goes out with a static IP then yes, one xlate shows, and should show,
    when you look with sh xlate; but when going out with PAT, more than one xlate
    corresponds to a single IP, which is also the correct behavior.
    Here is a live example...
    sh xlate

    Global x.x.x.x Local 192.168.1.210
    PAT Global x.x.x.x (4786) Local 192.168.1.230(1948)
    PAT Global x.x.x.x (23044) Local 192.168.1.230(1148)
    PAT Global x.x.x.x (5633) Local 192.168.1.181(1112)
    PAT Global x.x.x.x (29222) Local 192.168.1.181(3335)
    PAT Global x.x.x.x (29223) Local 192.168.1.181(3336)
    PAT Global x.x.x.x (23076) Local 192.168.1.230(1176)




  7. #7
    A.Murat BAYRAM Guest

    Re: Cisco PIX Firewall CPU Climbing to 95%

    I think I have caught it. It occurred to me to shut down the VLANs one by one on
    the core switch and watch the PIX, and that is what I did; it originates from PCs
    in 2 separate faculties (VLANs). I tried it many times: when I enable the VLAN the
    CPU goes to 100%, and when I shut it down it returns to normal.

    I was checking the switches one by one when the man (or lady) probably shut down
    their PC and left, so it slipped through my hands. But I got very close. I will
    identify the PCs causing the problem and let you know which virus or trojan is
    doing this.

    Endless thanks for your help.








  8. #8
    serust Guest

    Re: Cisco PIX Firewall CPU Climbing to 95%

    I am very glad the problem has been identified.
    To find the problematic PC you can use the Matrix Table in Sniffer.
    On that screen, if a machine shows hundreds of connections being established
    and that machine is an ordinary machine rather than a server,
    you will have found the infected machine.
    Example: [url]http://vil.nai.com/vil/content/v_99992.htm[/url]

    Good luck



    --- In [email protected]com, "A.Murat BAYRAM" <[email protected]> wrote:
    > I think I've caught it. It occurred to me to shut down the VLANs one by one on
    > the core switch and watch the PIX, and that is what I did; it is coming from PCs
    > in 2 separate faculties (VLANs). I tried it many times: when I enable the VLAN
    > the CPU goes to 100%, when I disable it, it returns to normal.
    >
    > I was checking the switches one by one when the man (or woman) probably shut down
    > their PC and left, so they slipped through my fingers. But I got very close. I will
    > identify the PCs causing the problem and let you know which virus or trojan is
    > doing this.
    >
    > Many thanks for your help.







  9. #9
    E.K. Guest

    re: Cisco PIX Firewall CPU Climbing to 95%


    I recommend closing the following ports, applied to traffic coming from the
    inside on every VLAN - admittedly I haven't updated the list much lately - it is
    enough for internal traffic - for traffic coming from outside, other ports
    need to be closed as well, of course ...

    pay particular attention to udp 1900 ...


    deny tcp any any eq 1434
    deny tcp any any eq 1433
    deny tcp any any eq 1900
    deny udp any any eq 1434
    deny udp any any eq 1433
    deny udp any any eq 1900 /* watch out for this port */
    deny icmp any any echo /* this one is a radical step, for example */
    deny tcp any any eq 707
    deny tcp any any eq 4444
    deny tcp any any eq 445
    deny tcp any any eq 5554
    deny tcp any any eq 9996
    deny tcp any any eq 135
    permit ip any any


    ---------------------------------------------------------------------
    Res. Asst. ENIS KARAARSLAN
    Ege University
    Campus Network Administrator


    On Wed, 15 Sep 2004, A.Murat BAYRAM wrote:

    > I think I've caught it. It occurred to me to shut down the VLANs one by one on
    > the core switch and watch the PIX, and that is what I did; it is coming from PCs
    > in 2 separate faculties (VLANs). I tried it many times: when I enable the VLAN
    > the CPU goes to 100%, when I disable it, it returns to normal.
    >
    > I was checking the switches one by one when the man (or woman) probably shut down
    > their PC and left, so they slipped through my fingers. But I got very close. I will
    > identify the PCs causing the problem and let you know which virus or trojan is
    > doing this.
    >
    > Many thanks for your help.




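    The two suggestions above (look for an ordinary machine holding hundreds of connections, and watch the ports in the posted ACL) can be combined into one check over a saved copy of the firewall's connection table. This is an added example, not code from any poster in the thread; the line layout is assumed to follow PIX 6.x `show conn` output, and the addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Ports denied by the ACL posted in the thread.
WATCHED_PORTS = {135, 445, 707, 1433, 1434, 1900, 4444, 5554, 9996}

# Assumption: lines follow the PIX 6.x "show conn" layout
# "<proto> out <foreign ip>:<port> in <inside ip>:<port> idle ... flags ...".
CONN_RE = re.compile(
    r"^(TCP|UDP) out (\d+\.\d+\.\d+\.\d+):(\d+) in (\d+\.\d+\.\d+\.\d+):(\d+)\s")

def summarize(lines):
    """Count connections, distinct foreign peers and foreign ports per inside host."""
    stats = defaultdict(lambda: {"conns": 0, "peers": set(), "ports": Counter()})
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # summary line ("N in use, ...") or anything unparsable
        _proto, out_ip, out_port, in_ip, _in_port = m.groups()
        entry = stats[in_ip]
        entry["conns"] += 1
        entry["peers"].add(out_ip)
        entry["ports"][int(out_port)] += 1
    return stats

def suspects(stats, min_conns=100, servers=frozenset()):
    """Non-server hosts holding at least min_conns connections, busiest first.

    Each row: (host, connections, distinct peers, top foreign port, port watched?).
    """
    rows = []
    for host, entry in stats.items():
        if host in servers or entry["conns"] < min_conns:
            continue
        top_port = entry["ports"].most_common(1)[0][0]
        rows.append((host, entry["conns"], len(entry["peers"]),
                     top_port, top_port in WATCHED_PORTS))
    return sorted(rows, key=lambda row: row[1], reverse=True)

def constructed_sample():
    """Constructed table: one scanning client, one normal client, one web server."""
    lines = ["353 in use, 353 most used"]
    lines += [f"TCP out 198.51.100.{i}:445 in 10.20.3.77:{1024 + i} idle 0:00:01 Bytes 0 flags saA"
              for i in range(1, 201)]
    lines += [f"TCP out 192.0.2.10:80 in 10.20.3.12:{3000 + i} idle 0:00:05 Bytes 5120 flags UIO"
              for i in range(3)]
    lines += [f"TCP out 203.0.113.{i}:{40000 + i} in 10.20.1.5:80 idle 0:00:02 Bytes 900 flags UIOB"
              for i in range(1, 151)]
    return lines

if __name__ == "__main__":
    for row in suspects(summarize(constructed_sample()), servers={"10.20.1.5"}):
        print(row)
```

    Passing the known servers keeps a busy web server from being reported next to the scanning client; the distinct-peer count separates a host sweeping many addresses from one that simply has many sessions to a few destinations.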




  10. #10
    Serhat Uslay Guest

    re: Cisco PIX Firewall CPU Climbing to 95%


    good news...
    even if you cannot find the PC, if you restrict traffic for that VLAN on your
    switch/router you can save the PIX. If you cannot do that, you can also
    reduce the traffic by defining that VLAN as 10 MB/half duplex..
    good luck...

    serhat


    Please respond to [email protected]

    To: [email protected]
    cc:
    Subject: Re: [cisco-ttl] CPU on the PIX climbing to 95%


    I think I've caught it. It occurred to me to shut down the VLANs one by one on
    the core switch and watch the PIX, and that is what I did; it is coming from PCs
    in 2 separate faculties (VLANs). I tried it many times: when I enable the VLAN
    the CPU goes to 100%, when I disable it, it returns to normal.

    I was checking the switches one by one when the man (or woman) probably shut down
    their PC and left, so they slipped through my fingers. But I got very close. I will
    identify the PCs causing the problem and let you know which virus or trojan is
    doing this.

    Many thanks for your help.




