NAT cause router hogging

From: Joshua (joshualixin@gmail.com)
Date: Wed Mar 14 2007 - 15:31:14 ART

• Next message: Bob Sinclair: "Re: FR map config not show in running-config"
• Previous message: Jason Carpenter: "Re: Cisco Documentation CD"
• Next in thread: Joshua: "Re: NAT cause router hogging"
• Maybe reply: Joshua: "Re: NAT cause router hogging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

One router was hogging. Checked "sh ip nat trans", see the below
information.
"
Pro Inside global Inside local Outside local
Outside global
tcp 77.40.206.169:4892 10.10.139.10:4892 148.243.0.191:1025
148.243.0.191:1025
tcp 77.40.206.169:3034 10.10.139.10:3034 148.243.174.108:1433
148.243.174.108:1
433
tcp 77.40.206.169:1838 10.10.139.10:1838 148.243.216.44:135
148.243.216.44:135
tcp 77.40.206.169:4244 10.10.139.10:4244 148.243.222.198:139
148.243.222.198:13
9
tcp 77.40.206.169:4330 10.10.139.10:4330 148.243.174.114:139
148.243.174.114:13
9
tcp 77.40.206.169:3531 10.10.139.10:3531 148.243.174.64:1025
148.243.174.64:102
5
tcp 77.40.206.169:2968 10.10.139.10:2968 148.243.0.118:1025
148.243.0.118:1025
...."

router CPU usage reach 100%. After isolated 10.10.138.10, the router was
normal. Looks like an attack from outside Internet. But how they could get
10.10.139.10? Please help!

• Next message: Bob Sinclair: "Re: FR map config not show in running-config"
• Previous message: Jason Carpenter: "Re: Cisco Documentation CD"
• Next in thread: Joshua: "Re: NAT cause router hogging"
• Maybe reply: Joshua: "Re: NAT cause router hogging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:51 ART