?
Solved

Cisco ASA 5510 showing a lot of traffic

Posted on 2011-03-16
4
Medium Priority
?
486 Views
Last Modified: 2012-05-11
Hello,

This afternoon our bandwidth here maxed out and everyting came to a halt. Come to find out it was going to our payroll processing site ADP. I am now seeing about 50% + of traffice going to 63.131.76.24 which nslookup shows as server2.us.fma.net,

I went into the CLI and used the show conn | i 63.131.76.24 I am not sure what this is or how I can kill the connections. It is pointing to a few machines here in the building. I would like to terminate the connections so I can bring traffic back down to normal.. Can someone please assist me with this.

thank you
0
Comment
Question by:sethendres
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 1

Accepted Solution

by:
slamjam2000 earned 2000 total points
ID: 35153777
Is this an legitimate server that your company needs to access?

How about a deny rule..

access-list interface deny ip any host 63.131.76.24

0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35154862
How about using something like wireshark to first have a look what kind of traffic it is exactly?
0
 

Author Comment

by:sethendres
ID: 35156124
This would not be a legitmate server that anyone needs to access. I was able to see that it trasferred 300mb over it. before I killed the connection. I did implement a deny rule.

I was able to see where it was going to using, show threat-detection statistics top host.

Then using show conn | i address

The public IP was 8.26.203.125 it is saying it is a non-existent domain. Something just does not add up for me.

Thanks
0
 
LVL 9

Expert Comment

by:DanJ
ID: 35403717
the adp transfers are small, it's just text information. data shall 5-10Megs at most for larger organizations.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question