 | [HELP] Virus could be attacking router
I have a Cisco 2600 series router with a T1 WAN connection to Verizon. For the past three days our WAN connection has been bouncing and the WAN light turns red. The provider is having a lot of problems finding out what's wrong. Could this be a virus? Which type of sniffer can I use, besides Wireshark? |
|
 | Never heard of a virus that 'bounces' a WAN connection before. Where does the light go red, the WIC card or an external xSU unit? Do you have any sort of logging software monitoring the router, and if so what do they show? What about the output of 'show controllers t1'?
If it's a circuit hard down issue, that's a L1 / L2 problem and wireshark, et al isn't going to tell you much. Wireshark is my preferred tool for Windows, but there's TCPdump for *nix.
And really dumb question, what has the provider done in terms of troubleshooting or problem isolation? I get really sick of providers who give the generic 'we checked and found nothing' spiel. Did they do remote testing and where? Did they do intrusive / stress-testing on the circuit and with what patterns? Did they only do 1 type of pattern testing, or multiple, and how long? If this is production impacting, I'd get them to schedule a head-to-head test where you basically loop between their CO router and yours for a couple hours.
Just my 00000010 bits.
Regards |
|
 | What Hellfire said. A virus won't affect your WAN interface on your router. If your WAN circuit is bouncing or taking errors then you should see the problem indicated on your WAN interface.
Log into the router and do a show interface. Look for input errors, carrier transitions, aborts and whatever else is present. You can also clear the counters on that interface to get a fresh benchmark then check it periodically.
Either way VZ needs to perform an intrusive test on the ckt to identify any issues.
-- "There are two American flags flying on the property I reside on. Anyone who tries to take them down will be rendered inoperative." -Lindy |
|
 JamesonPremium | Also check to make sure that you're not having packet collisions (aka duplex). |
|
 | I just found out from Verizon, they did see packet discards on their end, they rebuilt the private virtual circuit and it appears to be working again. |
|
 | Probably spoke to a tech support guy from India at first. |
|
 RFPAerie Gang of Eagles | "Network Guy" for 10 years on dslr you sure have basic common sense. Does it matter if the guy's from India or not? Have you ever talked to Cisco TAC in your life?
There are bots aka "VIRUSES" out there built specifically for harvesting/ Rooting Routers and Switches. Google it.
Secure your Router and overall network.
Simple google search for securing your Routers, many more can be found.
»www.infosecwriters.com/text_reso···isco.pdf |
|
| It was merely a wise ass comment.
With proper ACLs in place no one should have to worry about things like rooting of a router or harvesting. One of my rules of thumb: if a network admin wants the convenience of managing border devices remotely, good countermeasures take higher priority over access. |
|
 TomS_Git-r-donePremium,MVM | If they want remote access, then they VPN in and access it from the "inside".
Inside out, not outside in.
Me personally, I use ACLs to lock down access to the VTY lines of my devices to a few select internal hosts. Of those hosts, only one is actually accessible from outside the network, and only via SSH. |
|
 | said by TomS_:
> If they want remote access, then they VPN in and access it from the "inside".
> Inside out, not outside in.
> Me personally, I use ACLs to lock down access to the VTY lines of my devices to a few select internal hosts. Of those hosts, only one is actually accessible from outside the network, and only via SSH.

This is my preferred method as well.
-- "There are two American flags flying on the property I reside on. Anyone who tries to take them down will be rendered inoperative." -Lindy |
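
One way to check a router for the VTY lockdown described in the posts above, as an added example that is not from any poster in this thread: a small Python audit of a saved running-config that flags `line vty` blocks with no inbound `access-class`, an `access-class` pointing at an ACL that is not defined, or a `transport input` that allows anything besides SSH. The function name `audit_vty` and the sample config are assumptions made for the illustration.

```python
import re

# Constructed sample running-config (not from the thread); placeholder host.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
!
line con 0
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
end
"""

def audit_vty(config):
    """Return {"vty M N": [findings]} for each 'line vty' block in config."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if re.match(r"line vty \d+( \d+)?\s*$", raw):
            current = raw.strip()[len("line "):]
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())   # sub-command of the block
        else:
            current = None                        # non-indented line ends it
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    acls |= set(re.findall(r"^ip access-list \w+ (\S+)", config, re.M))
    report = {}
    for name, lines in blocks.items():
        findings = []
        acl = next((l.split()[1] for l in lines
                    if re.match(r"access-class \S+ in\b", l)), None)
        if acl is None:
            findings.append("no inbound access-class")
        elif acl not in acls:
            findings.append(f"access-class {acl} references undefined ACL")
        transport = next((l.split()[2:] for l in lines
                          if l.startswith("transport input")), None)
        if transport is None:
            findings.append("transport input not set explicitly")
        else:
            extra = [p for p in transport if p not in ("ssh", "none")]
            if extra:
                findings.append("transport input allows " + " ".join(extra))
        report[name] = findings
    return report
```

Calling `audit_vty(SAMPLE_CONFIG)` reports `vty 0 4` as clean and flags `vty 5 15`, the common case where only the first five lines were locked down.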
|