cisco2610-求助

heineken

公司一台cisco2610的路由器连接DDN专线,内网通过防火墙与这台路由器相连.之前工作一直都是正常,但是不幸的事发生了,这两天一早上班,同事们就抱怨网速暴慢...我通过终端联接路由器,发现路由器对命令的响应很慢,打个简单的命令,字母一个一个很慢才出现,怀疑是不是给人攻击过啊?在防火墙上看日志,发现午夜是有几个ip试图对公司内网的服务器发起链接,但是给BLOCK掉了,至于pass的ip,日志里没有记录(我不知道怎么设,惭愧 )

最后的解决办法是重启路由器,事情就正常了,但是这种事连续发生3天了,我总不能天天去重启机器啊?有没高手给我解决问题???

haozi0211

路由上启
accounting-threshold  
accounting-transits

show ip accouting应该可以看的到进出的IP地址包数量和包大小
以方便分析问题

king3171

你的现象应该是受到拒绝服务的攻击，你把路由器的IOS升级成带防火墙和入侵检测功能级的IOS，把防火墙和入侵检测配出来就解决了，配起来挺麻烦的。带防火墙和入侵检测功能级的IOS LIST PRICE大概在600$，你找当地的CISCO的高认或金银牌应该可以找到

heineken

[quote]原帖由 "king3171"]你的现象应该是受到拒绝服务的攻击，你把路由器的IOS升级成带防火墙和入侵检测功能级的IOS，把防火墙和入侵检测配出来就解决了，配起来挺麻烦的。带防火墙和入侵检测功能级的IOS LIST PRICE大概在600$，你找当地的CI..........[/quote 发表：
   


要钱啊？领导不同意的！他重来都不体恤民情
不要钱能解决不？

phcool

你可以在路由器上抓包呀，分析一下就OK了，不过你得有耐心呀

云中飘

请问怎么抓包啊？

heineken

#show log


Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 8 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 8 messages logged
    Trap logging: level informational, 12 message lines logged

Log Buffer (4096 bytes):

00:00:08: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
00:00:08: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
00:00:09: %SYS-5-CONFIG_I: Configured from memory by console
00:00:09: %SYS-5-RESTART: System restarted --Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(3)T,  RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 19-Jul-00 16:02 by ccai
00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, chang
ed state to up
00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed sta
te to up
06:38:36: %SYS-5-CONFIG_I: Configured from console by console
06:49:30: %SYS-5-CONFIG_I: Configured from console by console



机子重启后显示以下屏幕信息。速度恢复正常。（该情况已出现三天，每天一早速度很慢，重启 router后恢复正常，防火墙有在晚11点-12点有被block的记录。——防火墙位置在router后。既DDN-router-firewall-switch）.


Press RETURN to get started!


00:00:08: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
00:00:08: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
00:00:09: %SYS-5-CONFIG_I: Configured from memory by console
00:00:09: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(3)T,  RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 19-Jul-00 16:02 by ccai
00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, chang
ed state to up
00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed sta
te to up

heineken

今天一早又出现这个问题了
上面是我show log 出现的信息
红色标出的地方很可疑啊?晚上12点左右公司没人的呀