【求助】PIX 过载是何原因？是否遭受攻击？

fairysky

公司PIX有些异常\r\nCPU使用率30％\r\n内存使用率99％\r\n\r\n请问是否因为配置太多造成的？还是有遭受攻击的嫌疑？但是遭受攻击的话，应该是CPU打满，而不该是内存啊.\r\n\r\n请问如何做troubleshooting？\r\n\r\n谢谢！

fairysky

PIX#show logging\r\nSyslog logging: enabled\r\n    Facility: 20\r\n    Timestamp logging: enabled\r\n    Standby logging: enabled\r\n    Debug-trace logging: disabled\r\n    Console logging: disabled\r\n    Monitor logging: disabled\r\n    Buffer logging: level warnings, 9990570 messages logged\r\n    Trap logging: level informational, facility 20, 184951462 messages logged\r\n        Logging to inside 10.225.68.66\r\n    History logging: disabled\r\n    Device ID: disabled\r\n    Mail logging: disabled\r\n    ASDM logging: level informational, 184951472 messages logged\r\n, 0x0]\r\nJun 26 2009 15:35:40: %PIX-4-106023: Deny udp src wan:10.236.145.173/26872 dst inside:10.225.80.67/6004 by access-group \"aclwan\" [0x0, 0x0]\r\nJun 26 2009 15:35:40: %PIX-4-106023: Deny udp src inside:10.225.68.22/137 dst wan:10.225.161.62/137 by access-group \"aclinside\" [0x0, 0x0]\r\nJun 26 2009 15:35:40: %PIX-4-106023: Deny udp src wan:10.236.133.23/4301 dst inside:10.225.68.15/161 by access-group \"aclwan\" [0x0, 0x0]\r\nJun 26 2009 15:35:40: %PIX-4-106023: Deny udp src wan:10.236.133.23/4301 dst inside:10.225.68.15/161 by access-group \"aclwan\" [0x0, 0x0]\r\nJun 26 2009 15:35:41: %PIX-4-106023: Deny tcp src Merck:10.225.73.115/2747 dst outside:125.251.26.196/80 by access-group \"aclMek\" [0x0, 0x0]\r\nJun 26 2009 15:35:41: %PIX-4-106023: Deny udp src inside:10.225.68.22/137 dst wan:219.70.55.2/137 by access-group \"aclinside\" [0x0, 0x0]\r\nJun 26 2009 15:35:41: %PIX-4-106023: Deny tcp src inside:10.225.106.185/1118 dst outside:213.61.45.102/1820 by access-group \"aclinside\" [0x0, 0x0]\r\nJun 26 2009 15:35:41: %PIX-4-106023: Deny tcp src wan:10.237.125.70/4078 dst inside:10.225.68.3/445 by access-group \"aclwan\" [0x0, 0x0]\r\nJun 26 2009 15:35:41: %PIX-4-106023: Deny tcp src wan:10.236.145.244/3378 dst inside:10.225.68.3/445 by access-group \"aclwan\" [0x0, 0x0]\r\n..............\r\n\r\n只是一些不符合指定ACL而被deny的记录，请问接下来该怎么查？或者查些什么？\n\n[ 本帖最后由 fairysky 于 2009-6-26 15:46 编辑 ]

fairysky

# show cpu usage\r\nCPU utilization for 5 seconds = 22%; 1 minute: 21%; 5 minutes: 22%\r\n\r\n# show memory\r\nFree memory:        32071792 bytes (11%)\r\nUsed memory:       262286304 bytes (89%)\r\n-------------     ----------------\r\nTotal memory:      294358096 bytes (100%)\r\n\r\n请各位多多指点，谢谢！

ssffzz1

贴进程列表，命令忘记了。

marsteel

先升级pix image，啊哈

fairysky

#show process memory\r\n\r\n--------------------------------------------------------------\r\nAllocs   Allocated       Frees         Freed           Process\r\n          (bytes)                      (bytes)\r\n--------------------------------------------------------------\r\n813      13343485        6             180             *System Main*\r\n3114948  632875120       2994810       631315544       tmatch compile thread\r\n53862708 12481165926     53860500      12468144010     Dispatch Unit\r\n......\r\n\r\n我就贴了最大的两个，我和周围的兄弟讨论了一下，所有PIX都是这个Dispatch Unit进程最耗内存。\r\n有没有知道的朋友，给点解决方案吧！\n\n[ 本帖最后由 fairysky 于 2009-6-29 15:34 编辑 ]

xxxxxxyyyyyyche

统计功能，这个比较占内存和CPU,关闭统计功能