Re: NACHI !!!

From: miken (miken@sisna.com)
Date: Wed Aug 27 2003 - 13:30:39 GMT-3


Raj,

What about using MRTG to monitor the switchport interfaces with SNMP? You
would then be able to identify your top user/s in a nice manager style graph
=) as well as statistical numbers and percentages. MRTG is freely available
at http://mrtg.hdl.com/mrtg.html. Another suggestion would be to use a
sniffer and span the vlan. With CA Sniffer (Pro), you can also see who the
top talkers are. I'm not sure if other flavors have that feature or not.

Thanks,
Mike N

----- Original Message -----
From: "Rajagopal S" <raj_ccie@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, August 27, 2003 8:30 AM
Subject: NACHI !!!

> Hi guys,
>
> Nachi virus struck my network. My router melted down after the attack.
>
> As such, there are a huge number of PCs sitting on the inside interface of the
> firewall. The router having the internet link is sitting on the outside
> interface of the firewall.
>
> The internal users/servers are connected to the PIX via a 4507 internal L3
> switch.
>
> I have identified the traffic coming from inside to outside on port 0800
> (icmp type 8 packet) from the patted IP to some arbitrary IPs on the internet. I
> have blocked icmp on PIX and stabilised the situation.
>
> But I am still not sure which hosts on the internal network are pushing
> this traffic (i.e. affected with nachi). I am ready to put nachi patches on all
> the 500-odd machines, but it is a bit tough !!!
>
> Is there any way to find the machine pumping this traffic from the switch?
> I am not able to enable ip route-cache flow or ip accounting on the vlan
> interface, nor able to enable MLS. Is there any other way to see this
> information?
>
> Cheers
> Raj



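The SNMP polling approach suggested in the reply, as an added example that is not part of the original thread: it diffs two polls of per-port IF-MIB counters, handles Counter32 wrap, and ranks ports by inbound packet rate, since a flood of small ICMP echo packets can stand out in packets per second while a busy but healthy port still leads in bytes. The function names, the 60-second interval and the sample counter values are assumptions constructed for illustration.

```python
import re

# Constructed sample: two snmpwalk-style polls of IF-MIB counters on the access
# switch, 60 seconds apart. ifIndex numbers and counter values are made up.
POLL_T0 = """\
IF-MIB::ifInUcastPkts.1 = Counter32: 1200300
IF-MIB::ifInUcastPkts.2 = Counter32: 4294960000
IF-MIB::ifInUcastPkts.3 = Counter32: 88000
IF-MIB::ifInOctets.1 = Counter32: 900000000
IF-MIB::ifInOctets.2 = Counter32: 150000000
IF-MIB::ifInOctets.3 = Counter32: 40000000
"""
POLL_T1 = """\
IF-MIB::ifInUcastPkts.1 = Counter32: 1230300
IF-MIB::ifInUcastPkts.2 = Counter32: 172704
IF-MIB::ifInUcastPkts.3 = Counter32: 88600
IF-MIB::ifInOctets.1 = Counter32: 936000000
IF-MIB::ifInOctets.2 = Counter32: 166560000
IF-MIB::ifInOctets.3 = Counter32: 40090000
"""
LINE = re.compile(r"IF-MIB::(ifInUcastPkts|ifInOctets)\.(\d+) = Counter32: (\d+)")

def parse_poll(text):
    """Return {ifIndex: {counter_name: value}} from snmpwalk-style lines."""
    table = {}
    for name, idx, value in LINE.findall(text):
        table.setdefault(int(idx), {})[name] = int(value)
    return table

def delta32(old, new):
    """Counter32 difference that survives one wrap past 2**32 between polls."""
    return (new - old) % 2**32

def top_talkers(poll_a, poll_b, seconds, key="pps"):
    """Rank ports by inbound rate (traffic the attached host sends to the switch)."""
    before, after = parse_poll(poll_a), parse_poll(poll_b)
    rows = []
    for idx in sorted(before.keys() & after.keys()):
        pkts = delta32(before[idx]["ifInUcastPkts"], after[idx]["ifInUcastPkts"])
        octets = delta32(before[idx]["ifInOctets"], after[idx]["ifInOctets"])
        rows.append({"ifIndex": idx, "pps": pkts / seconds, "Bps": octets / seconds,
                     "avg_bytes": octets / pkts if pkts else 0.0})
    return sorted(rows, key=lambda r: r[key], reverse=True)

if __name__ == "__main__":
    for row in top_talkers(POLL_T0, POLL_T1, 60):
        print(row)
```

In the constructed data, port 2 leads by packet rate with a small average frame size even though port 1 moves more bytes, which is the pattern to look for on the host-facing ports before mapping the port back to a machine.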
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:07 GMT-3