Re: [cisco-ttl] CPU on the PIX is climbing to around 95%

From: Serhat Uslay (serhat.uslay_at_zurich.com.au)
Date: Wed Sep 15 2004 - 20:33:16 GMT


    "Compromised" means there is a virus on the host. You can check whether
    there is abnormal traffic either by looking at which subnets/hosts a lot
    of the interface traffic is coming from, or by sending all the traffic
    arriving at the PIX to an IDS (on Windows or Linux). If this excess
    traffic appeared out of the blue, that is, without the amount of student
    traffic increasing much, then you should be suspicious.
    RIP V1 sends its routing table to its neighbors every 30 seconds. RIP V2
    sends it if there is a change in the routing table.

    serhat

    Please respond to cisco-ttl_at_yahoogroups.com

    To: cisco-ttl_at_yahoogroups.com
    cc:
    Subject: Re: [cisco-ttl] CPU on the PIX is climbing to around 95%

    I hadn't seen the address you gave; glad you sent it.
    In the show xlate section there is a note like this:

    Note: A single host can have multiple connections to various destinations,
    but only one translation. If the xlate count is much larger than the
    number of hosts on your internal network, it is possible that one of your
    internal hosts has been compromised and is spoofing its source address and
    sending packets out the PIX.

    I think the answer to the problem is here. Although I took the term
    "compromised" mentioned there to mean "reaching a compromise", I couldn't
    work out what it means on the PIX. How are we going to tell which of the
    internal hosts is compromised and doing the spoofing?

    Also, is it necessary to use RIP V2?

    >
    > I don't know whether you have seen this before; if not, I'd suggest
    > giving it a read..
    >
    > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml
    >
    > Have you looked at the interface traffic?
    > Also, is there a reason to run RIP V1?
    >
    > serhat
    >
    >

    This list has no affiliation with Cisco Systems.

    To unsubscribe from the list, you can send an e-mail to
    cisco-ttl-unsubscribe_at_yahoogroups.com.


    This archive was generated by hypermail 2.1.5 : Thu Sep 16 2004 - 00:45:24 GMT
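
Added example, not part of the original thread or of any Cisco tool: one way to apply the quoted show xlate note, by listing the distinct Local addresses in a saved "show xlate" dump, flagging those outside the inside networks, and comparing the count with the number of real hosts. The sample output is constructed in the PIX 6.x layout, and the inside networks and expected host count are assumptions to replace with your own.

```python
import ipaddress
import re

# Constructed sample in the PIX 6.x "show xlate" layout (not from the thread).
SAMPLE_XLATE = """\
6 in use, 412 most used
PAT Global 192.0.2.1(1024) Local 10.1.1.15(1028)
PAT Global 192.0.2.1(1025) Local 10.1.1.15(1031)
Global 192.0.2.20 Local 10.1.1.5
PAT Global 192.0.2.1(1026) Local 172.31.44.9(4021)
PAT Global 192.0.2.1(1027) Local 198.51.100.77(1900)
PAT Global 192.0.2.1(1028) Local 10.1.2.40(3310)
"""

# Matches the address that follows the "Local" keyword on each xlate line.
LOCAL_RE = re.compile(r"\bLocal\s+(\d{1,3}(?:\.\d{1,3}){3})")


def audit_xlate(text, inside_networks, expected_hosts):
    """Return (distinct_locals, foreign_locals, too_many) for a show xlate dump.

    inside_networks: CIDR strings for the inside interface (assumed values).
    expected_hosts:  how many real hosts sit behind the PIX (assumed value).
    """
    nets = [ipaddress.ip_network(n) for n in inside_networks]
    seen = set()
    for line in text.splitlines():
        match = LOCAL_RE.search(line)
        if not match:
            continue  # header line ("N in use, M most used") or other text
        try:
            seen.add(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # digits matched the pattern but are not a valid address
    # A Local address outside every inside network cannot be a real host:
    # it is a spoofed source (or a missing route/NAT definition).
    foreign = sorted(ip for ip in seen if not any(ip in n for n in nets))
    # Sources spoofed from inside the subnet only show up in the count.
    too_many = len(seen) > expected_hosts
    return sorted(seen), foreign, too_many


if __name__ == "__main__":
    seen, foreign, too_many = audit_xlate(
        SAMPLE_XLATE, ["10.1.1.0/24", "10.1.2.0/24"], expected_hosts=3)
    print(f"{len(seen)} distinct local addresses, more than expected: {too_many}")
    for ip in foreign:
        print(f"local address outside the inside networks: {ip}")
```

To find the machine behind a flagged address, look it up in the ARP or switch MAC tables on the inside segment, since the source IP itself is forged.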