Solved

Cisco ASA 5510 showing a lot of traffic

Posted on 2011-03-16
4
480 Views
Last Modified: 2012-05-11
Hello,

This afternoon our bandwidth here maxed out and everyting came to a halt. Come to find out it was going to our payroll processing site ADP. I am now seeing about 50% + of traffice going to 63.131.76.24 which nslookup shows as server2.us.fma.net,

I went into the CLI and used the show conn | i 63.131.76.24 I am not sure what this is or how I can kill the connections. It is pointing to a few machines here in the building. I would like to terminate the connections so I can bring traffic back down to normal.. Can someone please assist me with this.

thank you
0
Comment
Question by:sethendres
4 Comments
 
LVL 1

Accepted Solution

by:
slamjam2000 earned 500 total points
ID: 35153777
Is this an legitimate server that your company needs to access?

How about a deny rule..

access-list interface deny ip any host 63.131.76.24

0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35154862
How about using something like wireshark to first have a look what kind of traffic it is exactly?
0
 

Author Comment

by:sethendres
ID: 35156124
This would not be a legitmate server that anyone needs to access. I was able to see that it trasferred 300mb over it. before I killed the connection. I did implement a deny rule.

I was able to see where it was going to using, show threat-detection statistics top host.

Then using show conn | i address

The public IP was 8.26.203.125 it is saying it is a non-existent domain. Something just does not add up for me.

Thanks
0
 
LVL 9

Expert Comment

by:DanJ
ID: 35403717
the adp transfers are small, it's just text information. data shall 5-10Megs at most for larger organizations.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now