just nat



Best Regards

Have A Good Day!!

*******************************************
Farhan Ahmed*
      MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

*******************************************



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


> -----Original Message-----
> From: Gareth Hinton [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 08, 2001 1:30 AM
> To: [EMAIL PROTECTED]
> Subject: Code Red?? Virus Problems for DDR and Pix [7:15160]
> 
> 
> Had some problem site today where router was constantly dialling different sites. I must admit this was not a Cisco router, it was a Bintec but I think a problem which would be the same with a Cisco, so thought I'd mention it here.
> I shoved a sniffer on the ethernet interface of the router (Bintec debug is poor), and found that three servers on the LAN were constantly sending http port 80 packets to (almost) random addresses. I say random, because they did seem to be within the Class A range even though the ethernet was using a 24 bit mask.
> There was no reason for this traffic apparently, other than one of the variants of Code Red virus on the three servers. Once all the Microsoft patches were installed and the servers re-booted, the problem disappeared.
> I'll be honest that I haven't had a good look which of the variants it was, as the rest of the day has been pretty busy.
> 
> 
> Also had another problem which I don't know whether is connected or not.
> We've had a sudden flow of support customers with Pix 506 which keep re-booting (very regularly - few minutes).
> We've replaced a few of them, upgrading the code from the deferred 5.3.1 to 5.3.2 and waiting to hear whether that alone has cured the problem.
> In the lab, I couldn't get the box to fall over even with the deferred code on. Tried using the sniffed packets from above server faults with traffic generator to generate 100% network traffic, but still stayed up.
> 
> Something I did notice was that the customer's config used the outside interface within the global range, and had no overload.
> 
> i.e.  (IP addresses changed)
> 
> ip address outside 192.49.146.243 255.255.255.248
> global (outside) 1 192.49.146.243-192.49.146.246
> 
> whereas I used something more like:
> 
> ip address outside 192.49.146.243 255.255.255.248
> global (outside) 1 192.49.146.244-192.49.146.245
> global (outside) 1 192.49.146.246
> 
> I know I could now use the outside interface with the accepted commands, but I am not convinced that the customer's config is a workable method.
> 
> Can anybody advise on whether or not the customer's config would actually do PAT, or whether it would allow four NAT sessions then stop.
> I won't rattle on any more as I suspect the number of people reading this far is limited, but may have further input if the thread continues.
> 
> Regards,
> 
> Gaz

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]
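
As an added example that is not part of the original thread: one way to pick out, from sniffed flow records, the hosts showing the pattern described in the quoted message (LAN servers sending TCP port 80 packets to many different off-subnet addresses that mostly share the source's first octet). The LAN prefix `10.1.1.0/24`, the sample flows, the thresholds and the function name `find_http_scanners` are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed LAN prefix with a 24-bit mask; the thread does not give the real one.
LAN = ip_network("10.1.1.0/24")

# Constructed sample records (source, destination, TCP destination port).
# These are not captured packets from the site in the thread.
SAMPLE_FLOWS = (
    [("10.1.1.10", f"10.{i}.{i * 3 % 256}.{i * 7 % 256}", 80) for i in range(2, 42)]
    + [("10.1.1.11", f"10.{i}.9.{i}", 80) for i in range(50, 85)]
    + [("10.1.1.20", "10.1.1.5", 80)] * 30        # busy, but stays on the LAN
    + [("10.1.1.21", "192.0.2.80", 80)] * 30      # many hits on one remote site
    + [("10.1.1.22", f"10.200.0.{i}", 25) for i in range(1, 40)]  # not HTTP
)


def find_http_scanners(flows, lan=LAN, port=80, min_distinct=20, same_a_ratio=0.8):
    """Return {source: (distinct_off_lan_destinations, share_in_same_first_octet)}.

    A LAN host is reported when it contacts at least `min_distinct` different
    off-LAN addresses on `port` and at least `same_a_ratio` of them share the
    source's first octet (the "within the Class A range" observation).
    """
    destinations = defaultdict(set)
    for src, dst, dport in flows:
        s, d = ip_address(src), ip_address(dst)
        # Only off-LAN destinations matter: those are what the router forwards
        # and what would bring up a dial-on-demand link.
        if dport == port and s in lan and d not in lan:
            destinations[src].add(d)

    hits = {}
    for src, seen in destinations.items():
        first_octet = ip_address(src).packed[0]
        share = sum(d.packed[0] == first_octet for d in seen) / len(seen)
        if len(seen) >= min_distinct and share >= same_a_ratio:
            hits[src] = (len(seen), round(share, 2))
    return hits


if __name__ == "__main__":
    for host, (count, share) in sorted(find_http_scanners(SAMPLE_FLOWS).items()):
        print(f"{host}: {count} distinct off-LAN port-80 destinations, "
              f"{share:.0%} in the same first octet")
```

Counting distinct destinations rather than packets keeps a server that talks heavily to one legitimate remote site out of the result.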




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15591&t=15160
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
