?
Solved

FA0 on 1801 cisco router under attack

Posted on 2009-02-09
3
Medium Priority
?
539 Views
Last Modified: 2012-05-06
Hi Guys,
Traffic on FA0 is growing exponentially, which I don t know the reason.

The only thing i know is that when the traffic overwhelm the router it will just died, the only thing that can bring it  back is to connect to the console and clear the arp table.

Please help, what can I do to resolve this problem, as you can see I have up to 20 legitimate ip addresses on that result.

THE 172.xx.xx.xx ARE SOME OTHER SUBNET ON THIS NETWORK, i can see the reason why they appear here

#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.108.0.3              -   0023.04af.dbca  ARPA   FastEthernet0
Internet  10.108.0.50             0   Incomplete      ARPA
Internet  62.148.179.180          0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  64.208.86.69            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  65.242.27.34            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  74.125.79.100           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  74.125.79.113           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  80.157.169.171          0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  83.244.207.67           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  86.53.218.115           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  87.82.51.91             0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  87.82.51.92             0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  87.86.92.92             0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  89.167.138.243          0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  168.75.68.97            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.17.180.25           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.17.180.159          0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.19.244.86           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.1              0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.82             0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.120            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.124            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.134            0   0007.0e18.80f9  ARPA   FastEthernet0
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.1.156            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.173            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.179            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.181            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.1.212            0   001c.f62f.f959  ARPA   FastEthernet0
Internet  172.25.1.253            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.12.69            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.19.10            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.35.2             0   001c.f62f.f959  ARPA   FastEthernet0
Internet  172.25.50.73            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.53.10            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.63.130           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.73.2             0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.74.2             0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.103.2            0   001c.f62f.f959  ARPA   FastEthernet0
Internet  172.25.104.2            0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.109.144          0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.111.198          0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.114.20           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.114.61           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.114.84           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.115.17           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.119.130          0   0007.0e18.80f9  ARPA   FastEthernet0
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.120.1            -   0023.04af.dbca  ARPA   Vlan1
Internet  172.25.120.2            1   001e.c9e9.dc8d  ARPA   Vlan1
Internet  172.25.120.4            1   0024.50c7.b540  ARPA   Vlan1
Internet  172.25.120.6            1   0023.0425.0e26  ARPA   Vlan1
Internet  172.25.120.20           1   0015.c50b.b601  ARPA   Vlan1
Internet  172.25.120.22           1   001c.234e.3d12  ARPA   Vlan1
Internet  172.25.120.23           0   0018.8bbd.dc1d  ARPA   Vlan1
Internet  172.25.120.25           1   0021.9b89.099a  ARPA   Vlan1
Internet  172.25.120.28           1   001c.233e.0f9d  ARPA   Vlan1
Internet  172.25.120.29           0   0018.de67.ec20  ARPA   Vlan1
Internet  172.25.120.55           0   Incomplete      ARPA
Internet  172.25.120.56           1   001f.3a4c.1b48  ARPA   Vlan1
Internet  172.25.120.57           0   001c.230a.09fc  ARPA   Vlan1
Internet  172.25.133.216          1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.135.2            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.135.130          1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.137.36           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.147.2            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.147.6            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.176.2            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.177.2            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.177.40           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.177.46           1   0007.0e18.80f9  ARPA   FastEthernet0
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.177.47           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.177.156          1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.209.2            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.214.29           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.220.80           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.25.222.55           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.27.9.251            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.27.15.157           0   0007.0e18.80f9  ARPA   FastEthernet0
Internet  172.27.32.93            1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  192.168.4.12            -   0023.04af.dbca  ARPA   Vlan3
Internet  194.72.6.57             1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  194.73.82.242           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  194.126.131.100         1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  195.173.72.123          1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  195.173.72.124          1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  203.48.199.230          1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  212.58.251.89           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  212.58.253.67           1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  213.199.149.166         1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  216.52.117.151          1   0007.0e18.80f9  ARPA   FastEthernet0
Internet  216.231.195.129         1   0007.0e18.80f9  ARPA   FastEthernet0


Thanks for the anticipated response.
0
Comment
Question by:lawre1108
3 Comments
 
LVL 5

Accepted Solution

by:
ionut_mir earned 2000 total points
ID: 23589321
You should create an access-list:

access-list 10
permit 172.0.0.0 0.255.255.255
deny any log  - to see which IP's are denied

and apply this access-list inbound on the interfaces that you need (ex: F0/0, vlan 1...)

router(config-if)#ip access-group 10 in
0
 
LVL 4

Expert Comment

by:peterelvidge
ID: 23591491
On interface FA 0

do ...

no ip redirects
no ip proxy-arp


0
 

Author Closing Comment

by:lawre1108
ID: 31544456
Thanks ionut_mir, put access-list manage to stop some of the traffic, and at least allow the network to be statble, another thing thing i included is that i add keepalive.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
Not everyone has adapted to a rapid advancement in technology; there are people who are reluctant or afraid to delve into this brave new world of IT. If you have a friend or a family member who suffers from the so-called technophobia, here is how yo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question