Solved

Cisco ASA 5510 showing a lot of traffic

Posted on 2011-03-16
4
483 Views
Last Modified: 2012-05-11
Hello,

This afternoon our bandwidth here maxed out and everyting came to a halt. Come to find out it was going to our payroll processing site ADP. I am now seeing about 50% + of traffice going to 63.131.76.24 which nslookup shows as server2.us.fma.net,

I went into the CLI and used the show conn | i 63.131.76.24 I am not sure what this is or how I can kill the connections. It is pointing to a few machines here in the building. I would like to terminate the connections so I can bring traffic back down to normal.. Can someone please assist me with this.

thank you
0
Comment
Question by:sethendres
4 Comments
 
LVL 1

Accepted Solution

by:
slamjam2000 earned 500 total points
ID: 35153777
Is this an legitimate server that your company needs to access?

How about a deny rule..

access-list interface deny ip any host 63.131.76.24

0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35154862
How about using something like wireshark to first have a look what kind of traffic it is exactly?
0
 

Author Comment

by:sethendres
ID: 35156124
This would not be a legitmate server that anyone needs to access. I was able to see that it trasferred 300mb over it. before I killed the connection. I did implement a deny rule.

I was able to see where it was going to using, show threat-detection statistics top host.

Then using show conn | i address

The public IP was 8.26.203.125 it is saying it is a non-existent domain. Something just does not add up for me.

Thanks
0
 
LVL 9

Expert Comment

by:DanJ
ID: 35403717
the adp transfers are small, it's just text information. data shall 5-10Megs at most for larger organizations.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question