Cisco ASA 5510 showing a lot of traffic

Hello,

This afternoon our bandwidth here maxed out and everything came to a halt. Come to find out it was going to our payroll processing site ADP. I am now seeing about 50% + of traffic going to 63.131.76.24, which nslookup shows as server2.us.fma.net.

I went into the CLI and used show conn | i 63.131.76.24. I am not sure what this is or how I can kill the connections. It is pointing to a few machines here in the building. I would like to terminate the connections so I can bring traffic back down to normal. Can someone please assist me with this?

Thank you
sethendres Asked:
 
slamjam2000 Commented:
Is this a legitimate server that your company needs to access?

How about a deny rule:

access-list interface deny ip any host 63.131.76.24

0
 
Ernie Beek (Expert) Commented:
How about using something like Wireshark to first have a look at what kind of traffic it is exactly?
0
 
sethendres (Author) Commented:
This would not be a legitimate server that anyone needs to access. I was able to see that it transferred 300 MB over it before I killed the connection. I did implement a deny rule.

I was able to see where it was going using show threat-detection statistics top host.

Then using show conn | i address

The public IP was 8.26.203.125; it is saying it is a non-existent domain. Something just does not add up for me.

Thanks
0
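The triage described in the comment above (using show conn to find which inside hosts hold connections to the suspect address), as an added example that is not part of the original thread: a Python script that totals bytes per inside host from saved show conn output. It assumes the classic one-line "PROTO if addr:port if addr:port, idle ..., bytes N, flags ..." layout; the sample lines and inside addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the classic ASA "show conn" layout; inside hosts are made up.
SAMPLE = """\
TCP outside 63.131.76.24:80 inside 192.168.10.21:49832, idle 0:00:01, bytes 187654321, flags UIO
TCP outside 63.131.76.24:80 inside 192.168.10.21:49833, idle 0:00:03, bytes 112345679, flags UIO
TCP outside 63.131.76.24:443 inside 192.168.10.57:51120, idle 0:00:00, bytes 4096, flags UIO
TCP outside 63.131.76.240:80 inside 192.168.10.99:50001, idle 0:00:09, bytes 999999, flags UIO
UDP outside 192.0.2.53:53 inside 192.168.10.57:60112, idle 0:00:05, bytes 120, flags -
"""

# PROTO <if> <ip>:<port> <if> <ip>:<port>, ... bytes <n>
CONN_RE = re.compile(
    r"^(?P<proto>\S+)\s+\S+\s+(?P<ip1>[\d.]+):\d+\s+"
    r"\S+\s+(?P<ip2>[\d.]+):\d+,.*?\bbytes\s+(?P<bytes>\d+)"
)

def talkers_to(remote_ip, show_conn_text):
    """Return [(local_ip, total_bytes, conn_count)] for remote_ip, largest first."""
    totals = defaultdict(lambda: [0, 0])
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # header/counter lines or an unrecognised layout
        # Exact address comparison: "| i 63.131.76.24" is a pattern match and
        # would also return lines for 63.131.76.240.
        if remote_ip == m["ip1"]:
            local = m["ip2"]
        elif remote_ip == m["ip2"]:
            local = m["ip1"]
        else:
            continue
        totals[local][0] += int(m["bytes"])
        totals[local][1] += 1
    rows = [(ip, b, c) for ip, (b, c) in totals.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for ip, nbytes, count in talkers_to("63.131.76.24", SAMPLE):
        print(f"{ip:15}  {count:3} conns  {nbytes / 1e6:8.1f} MB")
```

The hosts at the top of the list are the ones to examine first, for example with the packet capture suggested earlier in the thread.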
 
DanJ Commented:
The ADP transfers are small; it's just text information. Data shall be 5-10 megs at most for larger organizations.
0
Question has a verified solution.