Had a big problem last night and was wondering if there is something I can do to prevent from happening again.
Yesterday, at 5:30PM my router crashed. Port FA0/1 (which connects to my LAN) was being hammered and showing almost 5,000 packets a second. It is a Cisco 3640 router. So I consoled to the router, and it kept locking up on me. So if I would do a 'sh run' it would print out, maybe 1 screen, and then hang... If I disconnected the FA0/1 port then the rest would print out. Anyway, I tracked it down to a server that had mIRC on it... don't know how it got on there, but I checked my firewall. I see rules in there, allow any source to 'THIS SERVER'. Also I saw another one, but wasn't sure why it was there either. Anyway, I turned off the server and everything started functioning correctly. This morning I came in, and connected another server to the network (I used this servers network cable, the night before to attach to my laptop) and it went down again.... I disconnected that network cable and everything worked again.
Has anyone heard of something like this going around, or is there something I can do on my servers to prevent this?
I removed 1 rule from my firewall, but do not plan to remove the other until 4:30 today. I cannot risk my network going down during trading hours.
Any advice would be helpful.
PS: I called Cisco and talked to their tech for over an hour, which didn't help me for crap, halfway through the call he said 'oh, fa0/1 is the port with the problem?'............