Solved

Cisco ASA 5510 showing a lot of traffic

Posted on 2011-03-16
4
482 Views
Last Modified: 2012-05-11
Hello,

This afternoon our bandwidth here maxed out and everyting came to a halt. Come to find out it was going to our payroll processing site ADP. I am now seeing about 50% + of traffice going to 63.131.76.24 which nslookup shows as server2.us.fma.net,

I went into the CLI and used the show conn | i 63.131.76.24 I am not sure what this is or how I can kill the connections. It is pointing to a few machines here in the building. I would like to terminate the connections so I can bring traffic back down to normal.. Can someone please assist me with this.

thank you
0
Comment
Question by:sethendres
4 Comments
 
LVL 1

Accepted Solution

by:
slamjam2000 earned 500 total points
ID: 35153777
Is this an legitimate server that your company needs to access?

How about a deny rule..

access-list interface deny ip any host 63.131.76.24

0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35154862
How about using something like wireshark to first have a look what kind of traffic it is exactly?
0
 

Author Comment

by:sethendres
ID: 35156124
This would not be a legitmate server that anyone needs to access. I was able to see that it trasferred 300mb over it. before I killed the connection. I did implement a deny rule.

I was able to see where it was going to using, show threat-detection statistics top host.

Then using show conn | i address

The public IP was 8.26.203.125 it is saying it is a non-existent domain. Something just does not add up for me.

Thanks
0
 
LVL 9

Expert Comment

by:DanJ
ID: 35403717
the adp transfers are small, it's just text information. data shall 5-10Megs at most for larger organizations.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question