RE: [cisco-ttl] PIX'de cpu %95'lere cikiyor

From: Lutfi Tekin (lutfi_at_dbs.net.tr)
Date: Thu Sep 16 2004 - 17:42:11 GMT

  • Next message: Ali KAPTAN: "RE: [cisco-ttl] PIX'de cpu %95'lere cikiyor"

    Arkadaslar
    Cisco pix506 kuracak bir arkadasa ihtiyacimiz var
    Bu konuda bize yardimci olabilecek varsa
    beni telefon ile veya mail ile acil arayabilirmi
    saat mühim degil her an arayabilir.
    Saygilarimla

    M.Lütfi TEKİN
    Dbs Net
    Dijital Bilgi Sistemleri
    lutfi_at_dbs.net.tr
    <www.dbs.net.tr>
    0(212)5202035
    0(212)5136688 Fax
    Çatalcesme Sok No 56
    Cagaloglu
    İstanbul

    -----Original Message-----
    From: Serhat Uslay [mailto:serhat.uslay_at_zurich.com.au]
    Sent: Per 16 Eylül 2004 01:33
    To: cisco-ttl_at_yahoogroups.com
    Subject: Re: [cisco-ttl] PIX'de cpu %95'lere cikiyor

    "compromised" demek host'da virus var demektir. INterface trafiginde hangi
    subnet/host lardan cok fazla trafik geldigine bakarak yada pix'e gelen butun
    trafigi IDS'e yollayarak (windows yada Linux uzerinde) anormal trafik olup
    olmadigina bakabilirsin. Eger bu trafik fazlasi durup durup dururken yani
    ogrenci trafigi sayisi fazla artmadan oldu ise o zaman suphelenmek lazim.
    RIP V1 her 30 saniyede routing table'i komsularina yollar. RIP V2 eger
    routing table'da degisiklik varsa yollar.

    serhat

    Please respond to cisco-ttl_at_yahoogroups.com

    To: cisco-ttl_at_yahoogroups.com
    cc:
    Subject: Re: [cisco-ttl] PIX'de cpu %95'lere cikiyor

    Verdiginiz adresi gormemistim, iyi oldu.
    show xlate bolumunde soyle bir not var;

    Note: A single host can have multiple connections to various destinations,
    but only
    one translation. If the xlate count is much larger than the number of hosts
    on your
    internal network, it is possible that one of your internal hosts has been
    compromised and is spoofing its source address and sending packets out the
    PIX.

    Sanirim sorunun karsiligi burada. Bahsedilen "compromised" kavramini her ne
    kadar
    uzlasmak olarak algiladiysam da, pixdeki karsiligini anlayamadim. Internal
    hostlardan hangisinin compromised oldugunu ve spoofing yaptigini nasil
    anlayacagiz?

    Bir de Rip V2 kullanmak gerekiyor mu?

    >
    > Bunu daha once gordunuz mu bilmiyorum, degilse bir okuyun derim..
    >
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note0918
    6a008009491c.shtml
    > Interface traffiklerine baktinizmi ?
    > birde RIP V1 calistirmak icin bir sebep varmi ?
    >
    > serhat
    >
    >

    Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir.

    Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir
    e-posta gönderebilirsiniz.
    Yahoo! Groups Links

          ---- This email is intended for the named recipient only. It may
    contain information which is confidential, commercially sensitive, or
    copyright. If you are not the intended recipient you must not reproduce or
    distribute any part of the email, disclose its contents, or take any action
    in reliance. If you have received this email in error, please contact the
    sender and delete the message. It is your responsibility to scan this email
    and any attachments for viruses and other defects. To the extent permitted
    by law, Zurich and its associates will not be liable for any loss or damage
    arising in any way from this communication including any file attachments.
    We may monitor email you send to us, either as a reply to this email or any
    email you send to us, to confirm our systems are protected and for
    compliance with company policies. Although we take reasonable precautions to
    protect the confidentiality of our email systems, we do not warrant the
    confidentiality or security of email or attachments we receive.

    Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir.

    Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir
    e-posta gönderebilirsiniz.

          Yahoo! Groups Sponsor
                ADVERTISEMENT

    ----------------------------------------------------------------------------

    ----
    Yahoo! Groups Links
      a.. To visit your group on the web, go to:
      http://groups.yahoo.com/group/cisco-ttl/
      b.. To unsubscribe from this group, send an email to:
      cisco-ttl-unsubscribe_at_yahoogroups.com
      c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
    


    This archive was generated by hypermail 2.1.5 : Thu Sep 16 2004 - 21:34:20 GMT