
authurmell

join:2012-07-18
united kingd

[HELP] Slow & No internet: Router misconfigured or malware attac

Hi, I have just taken over an existing corporate network consisting of a Windows 2003 server DC, 2 x cisco catalyst switches 2960, 2 x catalyst switches 3560 and a router 1803. (fyi there is also another unconnected Router and 1 unconnected Exchange server)

The customer complains that the internet is very slooow for all clients in the network at all times and sometimes there is NO internet access at all, at which point they switch the router On and Off to restore the internet. Most clients complain of websites loading with missing buttons, that is, NOT fully loading.

I hooked up the console on the Router and saw that it is constantly spewing non-stop log alerts about traffic being denied and dropped on normal ports, especially 80, with the following reasons over and over again from most clients:

%APPFW-3-HTTP_MAX_REQ_EXCEED: Maximum of 10 unanswered HTTP requests exceeded from [Internal IP] to [External IP:80]
 
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected -  HTTP Protocol not detected from [Internal IP] to [External IP:80]
 
%SEC-6-IPACCESSLOGP: list 104 denied tcp [External IP:80] to [Internal IP]
 
%FW-6-DROP_PKT: Dropping tcp pkt [External IP:80] to [Internal IP]
 
%APPFW-4-HTTP_DEOBFUSCATE: Sig:14 Deobfuscation signature detected -  HTTP deobfuscation detected IDS evasion technique from [Internal IP] to [External IP:80]
 

I suspect malware attacks since Anti-virus has not been implemented properly and some clients don't even have any while the server has NONE, but is it possible that the Access List 104 which appears everywhere is misconfigured? Or do I just need to update the IOS software? Someone help!

Below is a portion of the Tech Support Log which contains everything (I hope) you need to help me solve this issue, Pleeeease!

!This is the show tech-support output of the router: show tech-support
!----------------------------------------------------------------------------
 
------------------ show version ------------------
 
Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version 12.4(6)T6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 08-Dec-06 13:09 by kellythw
 
ROM: System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
 
{MY ROUTER NAME} uptime is 5 hours, 2 minutes
System returned to ROM by power-on
System image file is "flash:c180x-advipservicesk9-mz.124-6.T6.bin"
 
Cisco 1803 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of memory.
Processor board ID FCZ1109224C, with hardware revision 0000
 
1 DSL controller
9 FastEthernet interfaces
1 ISDN Basic Rate interface
1 ATM interface
31488K bytes of ATA CompactFlash (Read/Write)
 
Configuration register is 0x2102
 
------------------ show running-config ------------------
 
Building configuration...
 
Current configuration : 15012 bytes
!
version 12.4
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
!
hostname {MY ROUTER NAME}
!
boot-start-marker
boot-end-marker
!
logging buffered 256000 debugging
enable secret 5 <removed>
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local 
!
aaa session-id common
!
resource policy
!
clock timezone BST 0
no ip source-route
!
!
ip cef
!
!
ip domain name {MY DOMAIN NAME}
ip name-server {MY DC SERVER IP}
ip name-server {MY ROUTER IP x.x.x.1}
ip ssh time-out 60
ip ssh authentication-retries 2
ip port-map smtp port tcp 25 list 1 description smtp
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name messenger.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on
!
!
!
username {MY USERNAME} privilege 15 view root secret 5 <removed>
!
!
controller DSL 0
 mode atm
 line-term cpe
 line-mode 2-wire line-zero
 dsl-mode shdsl symmetric annex B
 line-rate auto
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
 class sdm_p2p_edonkey
   drop
 class sdm_p2p_gnutella
   drop
 class sdm_p2p_kazaa
   drop
 class sdm_p2p_bittorrent
   drop
!
! 
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group REMOTE
 key {MY KEY}
 dns {MY DC SERVER IP} 158.43.128.1
 domain vpn.{MY DOMAIN NAME}
 pool REMOTE_IPaddresses
 acl InterestingTraffic
!
!
crypto ipsec transform-set REMOTE_SET esp-aes esp-sha-hmac 
!
crypto dynamic-map REMOTE_MAP 1
 set transform-set REMOTE_SET 
 reverse-route tag 255
!
!
crypto map REMOTE_VPN client authentication list default
crypto map REMOTE_VPN isakmp authorization list default
crypto map REMOTE_VPN client configuration address respond
crypto map REMOTE_VPN 10 ipsec-isakmp dynamic REMOTE_MAP 
!
!
!
!
interface FastEthernet0
 description *** {MY NETWORK DESCRIPTION} ****$FW_INSIDE$$ETH-LAN$
 ip address {MY ROUTER IP x.x.x.2} 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
 standby 1 ip {MY ROUTER IP x.x.x.1}
 standby 1 priority 150
 standby 1 preempt
 standby 1 authentication md5 key-string 7 {MY KEY STRING}
 standby 1 track ATM0 50
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
 mtu 1464
 no ip address
 no atm ilmi-keepalive
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Vlan1
 no ip address
!
interface Dialer1
 no ip address
!
interface Dialer0
 description **** {MY 2MB SDSL PRIMARY LINK} ****$FW_OUTSIDE$
 ip address negotiated
 ip access-group 104 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_MEDIUM out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname {MY HOSTNAME@XXXX.CO.UK}
 ppp chap password 7 {MY PASSWORD}
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map REMOTE_VPN
 service-policy input sdmappfwp2p_SDM_MEDIUM
 service-policy output sdmappfwp2p_SDM_MEDIUM
!
ip local pool REMOTE_IPaddresses X.X.X.X X.X.X.X
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source static tcp {MY EXCHANGE SERVER - STATUS IS OFFLINE} 25 {MY EXTERNAL IP} 25 extendable
ip nat inside source static tcp {MY EXCHANGE SERVER - STATUS IS OFFLINE} 143 {MY EXTERNAL IP} 143 extendable
ip nat inside source static tcp {MY EXCHANGE SERVER - STATUS IS OFFLINE} 443 {MY EXTERNAL IP} 443 extendable
ip nat inside source static tcp {MY DC SERVER IP} 3389 {MY EXTERNAL IP} 3389 extendable
!
ip access-list extended InterestingTraffic
 permit ip {X.X.X}.0 0.0.0.255 {X.X.X}.0 0.0.0.255
 remark *** Split Tunneling for VPN Internet access ***
!
access-list 1 remark SDM_ACL Category=0
access-list 1 permit {MY EXCHANGE SERVER - STATUS IS OFFLINE}
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip {X.X.X}.0 0.0.255.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any host {MY EXTERNAL IP} eq smtp
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
access-list 101 remark Auto generated by SDM for NTP (123) {X.X.X.X}
access-list 101 permit udp host {X.X.X.X} eq ntp any eq ntp
access-list 101 permit ahp any any
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.29 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.28 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.27 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.26 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.25 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.24 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.23 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.22 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host {X.X.X}.21 {X.X.X}.0 0.0.0.255
access-list 101 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip {X.X.X}.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=3
access-list 102 permit udp host {MY ROUTER IP x.x.x.1} eq domain any
access-list 102 permit udp host {MY DC SERVER IP} eq domain any
access-list 102 permit tcp any host {MY EXTERNAL IP} eq smtp
access-list 102 permit tcp any any eq smtp
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp any any eq www
access-list 103 permit tcp any host {MY EXTERNAL IP} eq smtp
access-list 103 permit tcp any any eq 443
access-list 103 remark Auto generated by SDM for NTP (123) {X.X.X.X}
access-list 103 permit udp host {X.X.X.X} eq ntp any eq ntp
access-list 103 permit ahp any any
access-list 103 permit esp any any
access-list 103 permit udp any any eq isakmp
access-list 103 permit udp any any eq non500-isakmp
access-list 103 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.29 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.28 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.27 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.26 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.25 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.24 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.23 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.22 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host {X.X.X}.21 {X.X.X}.0 0.0.0.255
access-list 103 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip {X.X.X}.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip {X.X.X}.0 0.0.0.255 any
access-list 103 deny   ip any any log
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit tcp any host {MY EXTERNAL IP} eq 3389
access-list 104 permit tcp any host {MY EXTERNAL IP} eq 143
access-list 104 permit tcp any host {MY EXTERNAL IP} eq 443
access-list 104 permit tcp any host {MY EXTERNAL IP} eq smtp
access-list 104 permit tcp any host {MY EXTERNAL IP} eq www
access-list 104 permit tcp any any eq www
access-list 104 permit tcp any eq telnet any eq telnet
access-list 104 permit icmp any any
access-list 104 permit tcp any any eq smtp
access-list 104 permit tcp any any eq 443
access-list 104 remark Auto generated by SDM for NTP (123) {X.X.X.X}
access-list 104 permit udp host {X.X.X.X} eq ntp any eq ntp
access-list 104 permit ahp any any
access-list 104 permit esp any any
access-list 104 permit udp any any eq isakmp
access-list 104 permit udp any any eq non500-isakmp
access-list 104 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.29 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.28 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.27 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.26 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.25 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.24 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.23 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.22 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host {X.X.X}.21 {X.X.X}.0 0.0.0.255
access-list 104 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip {X.X.X}.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip {X.X.X}.0 0.0.0.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any log
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
banner exec ^C
***********************************************************************
***********************************************************************
***                                                                 ***
***  Unauthorised access or use of this equipment is prohibited     ***
***  and constitutes an offence under the Computer Misuse Act 1990. ***
***  If you are not authorised to use this system, terminate this   ***
***  session now!!!                                                 ***
***                                                                 ***
***********************************************************************
***********************************************************************
^C
banner login ^C*****UNAUTHORISED ACCESS IS PROHIBITED*******^C
!
line con 0
 password 7 <removed>
 logging synchronous
 login authentication local_authen
 transport output telnet
 stopbits 1
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 session-timeout 60 
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
 transport output none
line vty 5 15
 session-timeout 60 
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
line vty 16 193
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
ntp clock-period 17180127
ntp server {X.X.X.X}
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
 
------------------ show interfaces ------------------
 
FastEthernet0 is up, line protocol is up 
  Hardware is PQ3_TSEC, address is {MY MAC ADDRESS} (bia {MY MAC ADDRESS})
  Description: *** {MY NETWORK DESCRIPTION} ****$FW_INSIDE$$ETH-LAN$
  Internet address is {MY ROUTER IP x.x.x.2}/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 2/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 968000 bits/sec, 615 packets/sec
  5 minute output rate 608000 bits/sec, 624 packets/sec
     6220534 packets input, 1428574574 bytes
     Received 42717 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     6193333 packets output, 860642469 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
 
ATM0 is up, line protocol is up 
  Hardware is {MY MAC ADDRESS}
  MTU 1464 bytes, sub MTU 1464, BW 2048 Kbit, DLY 180 usec, 
     reliability 255/255, txload 3/255, rxload 33/255
  Encapsulation ATM, loopback not set
  Encapsulation(s): AAL5 , PVC mode
  23 maximum active VCs, 1024 VCs per VP, 1 current VCCs
  VC Auto Creation Disabled.
  VC idle disconnect time: 300 seconds
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Per VC Queueing
  5 minute input rate 272000 bits/sec, 57 packets/sec
  5 minute output rate 32000 bits/sec, 45 packets/sec
     676959 packets input, 463188663 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 3544 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     647174 packets output, 282249309 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
 
 
 
------------------ show ip nat statistics ------------------
 
Total active translations: 852 (4 static, 848 dynamic; 852 extended)
Outside interfaces:
  Dialer0, Virtual-Access2
Inside interfaces: 
  FastEthernet0
Hits: 1260799  Misses: 14919
CEF Translated packets: 980929, CEF Punted packets: 468387
Expired translations: 112861
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 102 interface Dialer0 refcount 847
Queued Packets: 0
 
------------------ show ip nat translations ------------------
 
Pro Inside global      Inside local       Outside local      Outside global
tcp {MY EXTERNAL IP}:1     {MY EXTERNAL IP}:80    31.45.51.98:51447  31.45.51.98:51447
tcp {MY EXTERNAL IP}:15    {MY EXTERNAL IP}:80    85.174.215.246:64567 85.174.215.246:64567
tcp {MY EXTERNAL IP}:6     {MY EXTERNAL IP}:80    92.252.188.38:49751 92.252.188.38:49751
tcp {MY EXTERNAL IP}:8     {MY EXTERNAL IP}:80    125.208.222.251:1829 125.208.222.251:1829
udp {MY EXTERNAL IP}:2     {MY EXTERNAL IP}:123   {X.X.X.X}:123 {X.X.X.X}:123
udp {MY EXTERNAL IP}:50    {MY ROUTER IP x.x.x.1}1:123  {X.X.X.X}:123 {X.X.X.X}:123
udp {MY EXTERNAL IP}:49    {MY ROUTER IP x.x.x.1}3:123  {X.X.X.X}:123 {X.X.X.X}:123
tcp {MY EXTERNAL IP}:2079  {MY ROUTER IP x.x.x.1}01:2079 23.67.242.89:80   23.67.242.89:80
udp {MY EXTERNAL IP}:2105  {MY ROUTER IP x.x.x.1}01:2105 130.117.190.243:2001 130.117.190.243:2001
udp {MY EXTERNAL IP}:2113  {MY ROUTER IP x.x.x.1}01:2113 62.128.100.43:2001 62.128.100.43:2001
tcp {MY EXTERNAL IP}:2116  {MY ROUTER IP x.x.x.1}01:2116 64.135.77.160:80  64.135.77.160:80
tcp {MY EXTERNAL IP}:2117  {MY ROUTER IP x.x.x.1}01:2117 64.135.77.160:80  64.135.77.160:80
tcp {MY EXTERNAL IP}:2120  {MY ROUTER IP x.x.x.1}01:2120 174.120.184.50:80 174.120.184.50:80
tcp {MY EXTERNAL IP}:2121  {MY ROUTER IP x.x.x.1}01:2121 174.120.184.50:80 174.120.184.50:80
tcp {MY EXTERNAL IP}:2124  {MY ROUTER IP x.x.x.1}01:2124 207.123.57.126:80 207.123.57.126:80
tcp {MY EXTERNAL IP}:2126  {MY ROUTER IP x.x.x.1}01:2126 83.223.125.218:80 83.223.125.218:80
udp {MY EXTERNAL IP}:2129  {MY ROUTER IP x.x.x.1}01:2129 130.117.190.234:2001 130.117.190.234:2001
udp {MY EXTERNAL IP}:2132  {MY ROUTER IP x.x.x.1}01:2132 119.254.93.30:2001 119.254.93.30:2001
tcp {MY EXTERNAL IP}:2134  {MY ROUTER IP x.x.x.1}01:2134 83.223.125.218:80 83.223.125.218:80
udp {MY EXTERNAL IP}:65254 {MY DC SERVER IP}:65254 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65290 {MY DC SERVER IP}:65290 68.180.131.16:53 68.180.131.16:53
udp {MY EXTERNAL IP}:65290 {MY DC SERVER IP}:65290 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65301 {MY DC SERVER IP}:65301 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65309 {MY DC SERVER IP}:65309 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65354 {MY DC SERVER IP}:65354 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65357 {MY DC SERVER IP}:65357 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65375 {MY DC SERVER IP}:65375 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65391 {MY DC SERVER IP}:65391 158.43.192.1:53  158.43.192.1:53
udp {MY EXTERNAL IP}:65493 {MY DC SERVER IP}:65493 158.43.192.1:53  158.43.192.1:53
tcp {MY EXTERNAL IP}:25    {MY EXCHANGE SERVER - STATUS IS OFFLINE}:25  ---                ---
tcp {MY EXTERNAL IP}:143   {MY EXCHANGE SERVER - STATUS IS OFFLINE}:143 ---                ---
tcp {MY EXTERNAL IP}:443   {MY EXCHANGE SERVER - STATUS IS OFFLINE}:443 ---                ---
 
------------------ show access-list ------------------
 
Standard IP access list 1
    10 permit {MY EXCHANGE SERVER - STATUS IS OFFLINE}
Extended IP access list 100
    10 permit ip {X.X.X}.0 0.0.255.255 any
    20 deny ip host 255.255.255.255 any
    30 deny ip 127.0.0.0 0.255.255.255 any
    40 permit ip any any
Extended IP access list 101
    10 permit tcp any host {MY EXTERNAL IP} eq smtp
    20 permit tcp any any eq www
    30 permit tcp any any eq 443
    40 permit udp host {X.X.X.X} eq ntp any eq ntp
    50 permit ahp any any
    60 permit esp any any
    70 permit udp any any eq isakmp
    80 permit udp any any eq non500-isakmp
    90 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
    100 permit ip host {X.X.X}.29 {X.X.X}.0 0.0.0.255
    110 permit ip host {X.X.X}.28 {X.X.X}.0 0.0.0.255
    120 permit ip host {X.X.X}.27 {X.X.X}.0 0.0.0.255
    130 permit ip host {X.X.X}.26 {X.X.X}.0 0.0.0.255
    140 permit ip host {X.X.X}.25 {X.X.X}.0 0.0.0.255
    150 permit ip host {X.X.X}.24 {X.X.X}.0 0.0.0.255
    160 permit ip host {X.X.X}.23 {X.X.X}.0 0.0.0.255
    170 permit ip host {X.X.X}.22 {X.X.X}.0 0.0.0.255
    180 permit ip host {X.X.X}.21 {X.X.X}.0 0.0.0.255
    190 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
    200 permit icmp any any echo-reply
    210 permit icmp any any time-exceeded
    220 permit icmp any any unreachable
    230 deny ip 10.0.0.0 0.255.255.255 any
    240 deny ip 172.16.0.0 0.15.255.255 any
    250 deny ip {X.X.X}.0 0.0.255.255 any
    260 deny ip 127.0.0.0 0.255.255.255 any
    270 deny ip host 255.255.255.255 any
    280 deny ip host 0.0.0.0 any
    290 deny ip any any log
Extended IP access list 102
    10 permit udp host {MY ROUTER IP x.x.x.1} eq domain any
    20 permit udp host {MY DC SERVER IP} eq domain any (16758936 matches)
    30 permit tcp any host {MY EXTERNAL IP} eq smtp
    40 permit tcp any any eq smtp
    50 deny ip host 255.255.255.255 any
    60 deny ip 127.0.0.0 0.255.255.255 any
    70 permit ip any any (1109777 matches)
Extended IP access list 103
    10 permit tcp any any eq www
    20 permit tcp any host {MY EXTERNAL IP} eq smtp
    30 permit tcp any any eq 443
    40 permit udp host {X.X.X.X} eq ntp any eq ntp
    50 permit ahp any any
    60 permit esp any any
    70 permit udp any any eq isakmp
    80 permit udp any any eq non500-isakmp
    90 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
    100 permit ip host {X.X.X}.29 {X.X.X}.0 0.0.0.255
    110 permit ip host {X.X.X}.28 {X.X.X}.0 0.0.0.255
    120 permit ip host {X.X.X}.27 {X.X.X}.0 0.0.0.255
    130 permit ip host {X.X.X}.26 {X.X.X}.0 0.0.0.255
    140 permit ip host {X.X.X}.25 {X.X.X}.0 0.0.0.255
    150 permit ip host {X.X.X}.24 {X.X.X}.0 0.0.0.255
    160 permit ip host {X.X.X}.23 {X.X.X}.0 0.0.0.255
    170 permit ip host {X.X.X}.22 {X.X.X}.0 0.0.0.255
    180 permit ip host {X.X.X}.21 {X.X.X}.0 0.0.0.255
    190 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
    200 permit icmp any any echo-reply
    210 permit icmp any any time-exceeded
    220 permit icmp any any unreachable
    230 deny ip 10.0.0.0 0.255.255.255 any
    240 deny ip 172.16.0.0 0.15.255.255 any
    250 deny ip {X.X.X}.0 0.0.255.255 any
    260 deny ip 127.0.0.0 0.255.255.255 any
    270 deny ip host 255.255.255.255 any
    280 deny ip host 0.0.0.0 any
    290 deny ip {X.X.X}.0 0.0.0.255 any
    300 deny ip any any log
Extended IP access list 104
    10 permit tcp any host {MY EXTERNAL IP} eq 3389 (106996 matches)
    20 permit tcp any host {MY EXTERNAL IP} eq 143
    30 permit tcp any host {MY EXTERNAL IP} eq 443 (19 matches)
    40 permit tcp any host {MY EXTERNAL IP} eq smtp (3 matches)
    50 permit tcp any host {MY EXTERNAL IP} eq www (36 matches)
    60 permit tcp any any eq www
    70 permit tcp any eq telnet any eq telnet
    80 permit icmp any any (172 matches)
    90 permit tcp any any eq smtp
    100 permit tcp any any eq 443 (1 match)
    110 permit udp host {X.X.X.X} eq ntp any eq ntp
    120 permit ahp any any
    130 permit esp any any
    140 permit udp any any eq isakmp
    150 permit udp any any eq non500-isakmp
    160 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
    170 permit ip host {X.X.X}.29 {X.X.X}.0 0.0.0.255
    180 permit ip host {X.X.X}.28 {X.X.X}.0 0.0.0.255
    190 permit ip host {X.X.X}.27 {X.X.X}.0 0.0.0.255
    200 permit ip host {X.X.X}.26 {X.X.X}.0 0.0.0.255
    210 permit ip host {X.X.X}.25 {X.X.X}.0 0.0.0.255
    220 permit ip host {X.X.X}.24 {X.X.X}.0 0.0.0.255
    230 permit ip host {X.X.X}.23 {X.X.X}.0 0.0.0.255
    240 permit ip host {X.X.X}.22 {X.X.X}.0 0.0.0.255
    250 permit ip host {X.X.X}.21 {X.X.X}.0 0.0.0.255
    260 permit ip host X.X.X.X {X.X.X}.0 0.0.0.255
    270 permit icmp any any echo-reply
    280 permit icmp any any time-exceeded
    290 permit icmp any any unreachable
    300 deny ip 10.0.0.0 0.255.255.255 any
    310 deny ip 172.16.0.0 0.15.255.255 any
    320 deny ip {X.X.X}.0 0.0.255.255 any (3 matches)
    330 deny ip 127.0.0.0 0.255.255.255 any
    340 deny ip {X.X.X}.0 0.0.0.255 any
    350 deny ip host 255.255.255.255 any
    360 deny ip host 0.0.0.0 any
    370 deny ip any any log (46087 matches)
Extended IP access list InterestingTraffic
    10 permit ip {X.X.X}.0 0.0.0.255 {X.X.X}.0 0.0.0.255
 
 

THANK YOU for reaching this point!!! Can you help?
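
On the question of whether access list 104 is misconfigured, here is an added example (not part of the original post, and not Cisco code) that runs first-match evaluation over a subset of list 104. It shows that a web server's reply (source port 80) matches no permit line, so it only gets in through a session opened by `ip inspect SDM_MEDIUM out`; without one it lands on line 370, the `deny ip any any log` entry behind `%SEC-6-IPACCESSLOGP: list 104 denied`. The addresses are constructed stand-ins for the redacted values, and the destination is the external IP because the inbound ACL on Dialer0 is checked before NAT translates it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

EXT = "203.0.113.10"  # constructed stand-in for {MY EXTERNAL IP}
LAN = "192.168.1"     # constructed stand-in for the redacted LAN prefix {X.X.X}
PORTS = {"www": 80, "smtp": 25, "telnet": 23}

# Subset of access list 104 from "show access-list". Entries with redacted
# hosts and the UDP/AH/ESP entries are left out; none of them can match the
# TCP packets evaluated below.
ACL_104 = f"""
10 permit tcp any host {EXT} eq 3389
20 permit tcp any host {EXT} eq 143
30 permit tcp any host {EXT} eq 443
40 permit tcp any host {EXT} eq smtp
50 permit tcp any host {EXT} eq www
60 permit tcp any any eq www
70 permit tcp any eq telnet any eq telnet
80 permit icmp any any
90 permit tcp any any eq smtp
100 permit tcp any any eq 443
300 deny ip 10.0.0.0 0.255.255.255 any
310 deny ip 172.16.0.0 0.15.255.255 any
320 deny ip {LAN}.0 0.0.255.255 any
330 deny ip 127.0.0.0 0.255.255.255 any
370 deny ip any any log
"""

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Entry:
    seq: int
    action: str
    proto: str
    src: tuple            # (address, wildcard) as integers
    sport: Optional[int]  # None means "any port"
    dst: tuple
    dport: Optional[int]
    log: bool

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)),
            int(ipaddress.IPv4Address(tokens.pop(0))))

def _port(tokens):
    """Consume an optional 'eq PORT' qualifier."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        return PORTS[name] if name in PORTS else int(name)
    return None

def parse_acl(text):
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        rest = tok[3:]
        src, sport = _addr(rest), _port(rest)
        dst, dport = _addr(rest), _port(rest)
        entries.append(Entry(int(tok[0]), tok[1], tok[2],
                             src, sport, dst, dport, "log" in rest))
    return entries

def _ip_match(ip, spec):
    addr, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def first_match(acl, pkt):
    """Return (sequence number, action) of the first matching entry."""
    for e in acl:
        if e.proto not in ("ip", pkt.proto):
            continue
        if not (_ip_match(pkt.src, e.src) and _ip_match(pkt.dst, e.dst)):
            continue
        if e.sport is not None and e.sport != pkt.sport:
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.seq, e.action
    return None, "deny"  # implicit deny at the end of every ACL

def inbound_dialer0(acl, pkt, sessions):
    """Inspection sessions (outside ip, port, global ip, port) bypass the ACL."""
    if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in sessions:
        return "inspect", "permit"
    return first_match(acl, pkt)

if __name__ == "__main__":
    acl = parse_acl(ACL_104)
    reply = Packet("tcp", "198.51.100.7", 80, EXT, 2079)  # constructed web reply
    print("session open  :", inbound_dialer0(acl, reply, {("198.51.100.7", 80, EXT, 2079)}))
    print("session closed:", inbound_dialer0(acl, reply, set()))
```

Denies on line 370 for traffic from port 80 are therefore consistent with replies arriving after the firewall has already torn the session down (reset or timeout), not with a missing permit entry.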


weoo

@bms.com

Re: [HELP] Slow & No internet: Router misconfigured or malware a

Looks like you have an attack coming from your internal network. Check the computers with the IPs listed in the log.

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to authurmell
It looks like the router has ZBF in place which I'm never a big fan of due to questionable inspection process compared to similar process in an actual firewall hardware (i.e. Cisco ASA 5505, Juniper SRX 100).

A quick dirty solution would probably be implementing CBAC instead of ZBF. A long-term suggested solution will be to put a dedicated firewall between the router and the Catalyst 3560 switch to offload the firewall work and to have more reliable inspection process.


authurmell

join:2012-07-18
united kingd

1 edit
reply to weoo
thanks, am sure there's lots of malware threats...I will start with installing MSE on all clients and scanning with Malwarebytes and SpywareTerminator.............

What AV should I recommend on the Server???


authurmell

join:2012-07-18
united kingd
reply to aryoba
am on v12.4 so yes ZBF is in play thank you. But can you link me to a cisco/non-cisco resource about 'changing from ZBF to CBAC' or give me a quick idea of what is involved? I have never seen the CLI command or SDM option to choose between classic and Zone-based firewall when configuring it......

Are the CRC errors on ATM interface likely due to the dropped packets?


authurmell

join:2012-07-18
united kingd
reply to authurmell
No one has mentioned the strict http inspection that may cause legit web pages not to load intermittently, for example I am getting Yahoo Mail issues:

%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected -  HTTP Protocol not detected from [INTERNAL NETWORK]:57292 to 67.195.186.127:80
 

Could it be that a reset action for strict-http is "too strict" and therefore affecting too many normal websites??? I can't get to the router to check the application settings at the moment, so is there a way to tell whether it is set to allow, alarm or reset just by looking at my extensive logs?

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to authurmell
Looks like it's a CBAC config with APPFW running.

The first things I'd check are as follows here

I also agree that your appfw may be a little TOO restrictive as follows :

  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
 

Anything registering as Instant Message or P2P use of HTTP and the router will reset the connection.
Either set it all to allow / alarm as follows :

  application http
    strict-http action allow alarm
    port-misuse im action allow alarm
    port-misuse p2p action allow alarm
    port-misuse tunneling action allow alarm
 

or shut it off entirely.

One other thing I'd check is if this is a DSL connection, you may want to check the MTU is set right.
I've seen the MTU be as low as 1380 to as high as 1494 bytes. The least intrusive way to test this
is to pick a URL (preferably hosting a webpage) and ping with progressively larger packet sizes with
the DF bit set and see if packets get all the way through or not.

My 00000010bits.

Regards
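The DF-bit ping test suggested in the post above, written out as an added example (not part of the original post): a binary search for the largest ICMP payload that gets through unfragmented, with retries because this link is already dropping packets. It assumes Linux iputils `ping` or Windows `ping`; the function names and the 1200-1472 byte search window are choices made for this example.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with DF set; True on a real echo reply."""
    windows = platform.system() == "Windows"
    if windows:
        cmd = ["ping", "-f", "-l", str(payload), "-n", "1",
               "-w", str(timeout_s * 1000), host]
    else:  # assumption: Linux iputils ping
        cmd = ["ping", "-M", "do", "-s", str(payload), "-c", "1",
               "-W", str(timeout_s), host]
    try:
        res = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout_s + 3)
    except (subprocess.TimeoutExpired, OSError):
        return False
    if windows:
        # Windows ping can exit 0 on ICMP error replies; only an echo reply prints TTL=
        return "TTL=" in res.stdout
    return res.returncode == 0


def with_retries(probe, attempts=3):
    """Wrap a probe so one lost packet on a congested link is not read as 'too big'."""
    def wrapped(payload):
        return any(probe(payload) for _ in range(attempts))
    return wrapped


def largest_df_payload(probe, low=1200, high=1472):
    """Largest payload in [low, high] for which probe(payload) is True, else None."""
    if not probe(low):
        return None  # host down, ICMP filtered, or path MTU below the search floor
    if probe(high):
        return high  # full 1500-byte Ethernet MTU passes end to end
    # Invariant from here on: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu(probe, low=1200, high=1472):
    """Path MTU in bytes (payload plus IP and ICMP headers), or None if nothing passes."""
    payload = largest_df_payload(probe, low, high)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: mtu_probe.py <host-that-answers-ping>")
    host = sys.argv[1]
    mtu = path_mtu(with_retries(lambda size: ping_df(host, size)))
    print("no DF ping got through" if mtu is None else f"path MTU is about {mtu} bytes")
```

A result below 1500 means full-size packets leaving the LAN with DF set depend on ICMP "fragmentation needed" messages getting back to the client.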


authurmell

join:2012-07-18
united kingd

1 edit
@ HELLFIRE
Thanks for the link and clearing up the type of firewall issue, it was always CBAC and then when the software was updated to v12 it was never changed to ZBF, so it's most definitely still CBAC.

With regards to the application http, am I right to think that the IM and P2P resets could be responsible for the partially downloaded yahoomail pages? I had initially assumed it was yahoo's fault:---> »help.yahoo.com/communities/index···492463a3

Now, if I shut off 'application http' or change it to allow/alarm, does it affect the other individual rules set under 'application im yahoo', 'application im aol' and 'application im msn'?

appfw policy-name SDM_MEDIUM
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name messenger.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on
 

The line is supposed to be a 2MB SDSL, so do the MTU values you propose still apply?

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to authurmell
Reset would terminate the connection ENTIRELY rather than partially downloading an entire page, at least if you
were looking from a TCP perspective, so I suspect that's not the case.

If you shut off or change 'application http' it only affects the settings for 'application http.'

DSL is DSL so IIRC MTU still does apply. There was a really nice explanation of how MTU and DSL / ATM works in this
forum, I just don't recall the thread name or when it was posted.

Regards
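To see the scoping described in the reply above on the posted policy, here is an added example (not part of the thread, and not Cisco tooling) that parses an abbreviated copy of the SDM_MEDIUM policy, lists every rule whose action includes reset, and rewrites reset to allow inside one application section only. The function names are made up for this example, and most of the `server ... name` lines are left out of the embedded copy.

```python
import re

# Abbreviated copy of the policy posted in the thread (most "server" lines omitted).
POLICY = """\
appfw policy-name SDM_MEDIUM
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    audit-trail on
"""

# "<rule> action <action words>", e.g. "port-misuse im action reset alarm"
ACTION_RE = re.compile(r"^(?P<rule>.+?)\s+action\s+(?P<actions>.+)$")


def parse_appfw(text):
    """Return {application: {rule: [action words]}} for one appfw policy."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("application "):
            current = line[len("application "):]
            sections[current] = {}
        elif current is not None:
            m = ACTION_RE.match(line)
            if m:  # "server ..." and "audit-trail" lines carry no action
                sections[current][m["rule"]] = m["actions"].split()
    return sections


def resetting_rules(sections):
    """List (application, rule) pairs whose action tears the connection down."""
    return [(app, rule)
            for app, rules in sections.items()
            for rule, actions in rules.items()
            if "reset" in actions]


def relax_section(text, application):
    """Rewrite 'reset' to 'allow' in one application section, leaving the rest alone."""
    out, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("application "):
            inside = line == "application " + application
        elif inside and ACTION_RE.match(line):
            head, sep, tail = raw.partition(" action ")
            raw = head + sep + re.sub(r"\breset\b", "allow", tail)
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("reset rules as posted:")
    for app, rule in resetting_rules(parse_appfw(POLICY)):
        print(f"  application {app}: {rule}")
    relaxed = relax_section(POLICY, "http")
    print("reset rules after relaxing 'application http':")
    for app, rule in resetting_rules(parse_appfw(relaxed)):
        print(f"  application {app}: {rule}")
```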

aryoba
Premium,MVM
join:2002-08-22
kudos:4
said by HELLFIRE:

DSL is DSL so IIRC MTU still does apply. There was a really nice explanation of how MTU and DSL / ATM works in this forum, I just don't recall the thread name or when it was posted.

It should be available under this forum's FAQ


authurmell

join:2012-07-18
united kingd
okay thx, I'll get searching...


authurmell

join:2012-07-18
united kingd
reply to HELLFIRE
I noticed high cpu utilization which may explain the sloooow performance, so I hope someone can spot the culprit in these results because I can't; I have observed that Appfw IM DNS Res, IP Input and Collect Stat Counter processes have the highest cpu utilization BUT how do I still get 77% utilization? Am I missing something???

(show memory statistics, show process memory, show process cpu and show process cpu history:)

------------------ show memory statistics ------------------
 
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   838471DC    62623268    33497000    29126268    27452032    25779000
      I/O    7400000    12582912     5371036     7211876     7176048     7188092
 
------------------ show process memory ------------------
 
Processor Pool Total:   62623268 Used:   33497888 Free:   29125380
      I/O Pool Total:   12582912 Used:    5370896 Free:    7212016
 
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0   74030308   39038008   32621316       1054    1129414 *Init*          
   0   0      12052  690124848      12052          0          0 *Sched*         
   0   0 1293802584 2474503360     234424          3          3 *Dead*          
   1   0    3718208    1934836    1790448          0          0 Chunk Manager   
   2   0        252        252       4076          0          0 Load Meter      
   3   0    4281320    4276492      18048          0          0 HTTP CP         
   4   0       3116          0      10252          0          0 Check heaps     
   5   0      68352     249152      45096         45          0 Pool Manager    
   6   0        252        252       7076          0          0 Timers          
   7   0        252        252       7076          0          0 LED Timers      
   8   0          0          0      25076          0          0 Crash writer    
   9   0          0          0       7076          0          0 Over Heat Deboun
  10   0          0          0       7076          0          0 Fan Fault Deboun
  11   0        420          0       7496       2359       2359 ARP Input       
  12   0        252        252       7076          0          0 ATM Idle Timer  
  13   0        252        252       7076          0          0 AAA high-capacit
  14   0          0          0       7076          0          0 AAA_SERVER_DEADT
  15   0          0          0      13076          0          0 Policy Manager  
  16   0        492        252       7316          0          0 DDR Timers      
  17   0       3528          0      10604         38         38 Entity MIB API  
  18   0     261628          0     271704       5384       5352 EEM ED Syslog   
  19   0          0          0       7076          0          0 HC Counter Timer
  20   0        252        252       7076          0          0 Serial Backgroun
  21   0          0          0       7076          0          0 RO Notify Timers
  22   0          0          0       4076          0          0 RMI RM Notify Wa
  23   0        252        252       7076          0          0 SMART           
  24   0        252        252       7076          0          0 GraphIt         
  25   0        252        252      13076          0          0 Dialer event    
  26   0          0          0       7076          0          0 SERIAL A'detect 
  27   0        252        252      13076          0          0 XML Proxy Client
  28   0       2460       2712       8624          1          1 DNS Resolver    
  29   0          0          0       4076          0          0 Inode Table Dest
  30   0          0          0       7076          0          0 Critical Bkgnd  
  31   0     210268          0     154572       1874       1874 Net Background  
  32   0       4512       4256      13332          0          0 IDB Work        
  33   0        252        252      13076       9979       9977 Logger          
  34   0      13476        404       7076          0          0 TTY Background  
  35   0          0          0      10076          0          0 Per-Second Jobs 
  36   0          0          0       7076          0          0 AggMgr Process  
  37   0          0          0       7076          0          0 Token Daemon    
  38   0          0          0       4076          0          0 dev_device_inser
  39   0          0          0       4076          0          0 dev_device_remov
  40   0        252        252       7076          0          0 ESWPPM          
  41   0        252        252       4076          0          0 Eswilp Storm Con
  42   0          0          0       7076          0          0 Platform Compact
  43   0          0          0       4076          0          0 IGMP Snooping Pr
  44   0          0          0       4076          0          0 IGMP Snooping Re
  45   0          0          0      10076          0          0 Crypto Device Up
  46   0          0          0       7076          1          1 Multi-ISA Event 
  47   0          0          0       7076          0          0 Multi-ISA Cleanu
  48   0       3068       2252       7892          0          0 crypto engine pr
  49   0        252       1036       7076          6          6 XDSL BACKGROUND 
  50   0        252        252      25076          0          0 ISDN Timer      
  51   0          0          0       7076          0          0 ISDN From Driver
  52   0          0          0       7076          0          0 Switch Link Moni
  53   0        252        252       7076          0          0 COLLECT STAT COU
  54   0        252        252       7076          0          0 PI MATM Aging Pr
  55   0       2500        252       9324          0          0 DTP Protocol    
  56   0        252        252       7076          0          0 dot1x           
  57   0        252        252       7076          0          0 Dot1x Mgr Proces
  58   0          0          0       7076          0          0 EAP Framework   
  59   0          0          0       7076          0          0 linktest        
  60   0        252        252       7076          0          0 Dot11 Mgmt & Ass
  61   0       2936       5312       9112          0          0 DNS Resolver    
  62   0        252        252      10076          0          0 Dot11 aaa proces
  63   0        252        252      10076          0          0 Dot11 auth Dot1x
  64   0          0          0       7076          0          0 Dot11 Mac Auth  
  65   0        252        252       7076          0          0 AAA Dictionary R
  66   0        252        252       7076          0          0 AAA Server      
  67   0          0          0       7076          0          0 AAA ACCT Proc   
  68   0          0          0       7076          0          0 ACCT Periodic Pr
  69   0       4148        412      10972        915        915 CDP Protocol    
  70   0   71306888   24517464     662184    5972930    5972929 IP Input        
  71   0          0          0       7076          0          0 ICMP event handl
  72   0        252        252       7076          0          0 TurboACL        
  73   0        252        252       7076          0          0 TurboACL chunk  
  74   0        504        504      13076          0          0 PPP Hooks       
  75   0       2780       2548       9072          0          0 DNS Resolver    
  76   0          0          0      13076          0          0 SSS Manager     
  77   0          0          0      13076          0          0 SSS Test Client 
  78   0          0          0       7076          0          0 SSS Feature Mana
  79   0          0          0       7076          0          0 SSS Feature Time
  80   0          0          0      13076          0          0 VPDN call manage
  81   0          0          0      13076          0          0 L2X Socket proce
  82   0          0          0      13076          0          0 L2X SSS manager 
  83   0        252        252      13076          0          0 L2TP mgmt daemon
  84   0          0          0       7076          0          0 X.25 Encaps Mana
  85   0        252        252      10076          0          0 EAPoUDP Process 
  86   0          0          0       7076          0          0 IPv6 RIB Redistr
  87   0        252        252      13076          0          0 KRB5 AAA        
  88   0       1176       1004      13248          1          1 PPP IP Route    
  89   0       2696        252      15520          2          2 PPP IPCP        
  90   0        416        252       7240          0          0 Dot1x Supplicant
  91   0        416        252       7240          0          0 Dot1x Supplicant
  92   0        416        252       7240          0          0 Dot1x Supplicant
  93   0         76          0      10152          0          0 IP Background   
  94   0        164          0      10240          0          0 IP RIB Update   
  95   0      73404          0      73404          0          0 CEF process     
  96   0        444        156       7520          0          0 L2MM            
  97   0       5052          0      12128          0          0 MRD             
  98   0          0          0       7076          0          0 IGMPSN          
  99   0     104220        252     102748          0          0 DHCPD Receive   
 100   0          0          0       7076          0          0 IP Traceroute   
 101   0          0          0       7076          0          0 Socket Timers   
 102   0        252        252       7076          0          0 RLM groups Proce
 103   0          0          0       7076          0          0 SNMP Timers     
 104   0          0     294180      13076         99         99 TCP Timer       
 105   0      37300          0      13076          0          0 TCP Protocols   
 106   0          0          0      25076          0          0 COPS            
 107   0        252        252       7076          0          0 Dialer Forwarder
 108   0        252        252      10076          0          0 Adj Manager     
 109   0    6939628    4232568     121216       2053       2050 HTTP CORE       
 110   0          0     209968       7076          0          0 IP Cache Ager   
 111   0          0          0       7076          0          0 RARP Input      
 112   0          0          0       7076          0          0 PAD InCall      
 113   0        252        252      13076          0          0 X.25 Background 
 114   0        252        252       7076          0          0 PPP Bind        
 115   0        252        252       7076          0          0 PPP SSS         
 116   0        252        252       7076          0          0 RBSCP Background
 117   0      16844        252      23668          0          0 SCTP Main Proces
 118   0        252   45630840       7076        714        714 Inspect process 
 119   0          0          0       7148          0          0 DHCPD Timer     
 120   0          0          0       7076          0          0 Authentication P
 121   0          0          0       7076          0          0 Auth-proxy AAA B
 122   0          0          0       7076          0          0 IPS Timer       
 123   0        424        252       7248          0          0 SDEE Management 
 124   0          0          0       7076          0          0 IPv6 Inspect Tim
 125   0          0          0       7076          0          0 XSM_EVENT_ENGINE
 126   0          0          0      13076          0          0 XSM_ENQUEUER    
 127   0          0          0      13076          0          0 XSM Historian   
 128   0       1068        252       7892          0          0 SSLVPN_PROCESS  
 129   0          0          0       7076          0          0 Select Timers   
 130   0      65680        252      72504          0          0 HTTP Process    
 131   0        252        252       7076          0          0 CIFS API Process
 132   0      12592        252      19416          0          0 CIFS Proxy Proce
 133   0       1192        252       8016          0          0 URL filter proc sw 
 134   0        576        576       7076          2          2 Crypto HW Proc  
 135   0       2584       2488       8876          1          1 DNS Resolver    
 136   0        252        252       7076          0          0 AAA Cached Serve
 137   0        252        252       7076          0          0 ENABLE AAA      
 138   0          0          0       7076          0          0 EM Background Pr
 139   0          0          0       7076          0          0 Key chain liveke
 140   0        252        252       7076          0          0 LINE AAA        
 141   0       5628       1560       8816          0          0 LOCAL AAA       
 142   0       1068        252       7892          0          0 TPLUS           
 143   0        252        252       7076          0          0 VSP_MGR         
 144   0      50032        568      58540          0          0 Crypto WUI      
 145   0      38648        252      26300         41         41 Crypto Support  
 146   0          0          0       7076          0          0 EPM MAIN PROCESS
 147   0        284          0      25360          0          0 RPMS_PROC_MAIN  
 148   0       1428        652       9852          1          1 Crypto CA       
 149   0          0          0       9076          0          0 Crypto PKI-CRL  
 150   0          0          0       9076          0          0 Crypto SSL      
 151   0          0          0       7076          0          0 encrypt proc    
 152   0      62932       4272      84100          0          0 Crypto ACL      
 153   0          0          0       7076          0          0 CRYPTO QoS proce
 154   0          0          0       7076          0          0 Crypto INT      
 155   0       6516        724      14048          4          4 Crypto IKE Dispa
 156   0       6868        252      19692          1          1 Crypto IKMP     
 157   0      66852          0      79928          0          0 Crypto IKEv2    
 158   0     179540      12992     179428         11         11 IPSEC key engine
 159   0          0          0       7076          0          0 IPSEC manual key
 160   0          0          0       7076          0          0 Crypto PAS Proc 
 161   0          0          0       9076          0          0 Key Proc        
 162   0          0          0       7076          0          0 GDOI GM Process 
 163   0          0          0       7076          0          0 PM Callback     
 164   0          0          0       7076          0          0 ISDNMIB Backgrou
 165   0          0          0       7144          0          0 CallMIB Backgrou
 166   0        252        252       7076          0          0 Control-plane ho
 167   0        164          0       7240          0          0 DATA Transfer Pr
 168   0        164          0       7240          0          0 DATA Collector  
 169   0        756       4844       7076          0          0 AAA SEND STOP EV
 170   0          0          0      10076          0          0 EEM ED CLI      
 171   0          0          0      10076          0          0 EEM ED Counter  
 172   0          0          0      10076          0          0 EEM ED Interface
 173   0          0          0      10076          0          0 EEM ED IOSWD    
 174   0          0          0      10076          0          0 EEM ED Memory-th
 175   0          0          0      10076          0          0 EEM ED None     
 176   0          0          0      10076          0          0 EEM ED OIR      
 177   0         76          0      10152          0          0 EEM ED Resource 
 178   0          0          0      10076          0          0 EEM ED SNMP     
 179   0          0          0      10076          0          0 EEM ED Timer    
 180   0          0          0      10076          0          0 EEM ED Track    
 181   0      13408       3684      17460          0          0 EEM Server      
 182   0        252        252       7076          0          0 RMON Recycle Pro
 183   0       5304        252      12128          0          0 RMON Deferred Se
 184   0          0          0       7076          0          0 Syslog Traps    
 185   0       8292       1564      13648          0          0 VLAN Manager    
 186   0        192          0       7340          0          0 DHCPD Database  
 187   0      10012        252      19176          0          0 EEM Policy Direc
 188   0    1542728    1542728      13076       5368       5368 Syslog          
 189   0          0          0       7076          0          0 VPDN Scal       
 190   0       2784       2724       8968          1          1 DNS Resolver    
 191   0          0          0       7076       4075       4075 Net Input       
 192   0        252        252       7076          0          0 Compute load avg
 193   0      10584     278552      15896        610        610 Per-minute Jobs 
 194   0 2138209544  269510948     172448          0          0 Appfw IM DNS Res
 195   0        164          0       7240          0          0 CEF Scanner     
 196   0       1048          0      11180          1      39605 ATM Periodic    
 197   0          0          0      10076          0          0 ATM ARP INPUT   
 198   0        304        304      13076          0          0 ATM OAM Input   
 199   0        304        304      13076          0          0 ATM OAM TIMER   
 200   0        252        252       7076          0          0 ATMSIG ILMI Time
 201   0        252        252      10076          0          0 ATMSIG DRIVERAPI
 202   0        304        304       7076          0          0 SSCOP Input     
 203   0        252        252       7076          0          0 SSCOP Output    
 204   0        252        252       7076         11         11 SSCOP Timer     
 205   0        252        252      13076          0          0 ATMSIG Timer    
 206   0        252        252      13076          0          0 ATMSIG Input    
 207   0        252        252      13076          0          0 ATMSIG Client   
 208   0        252       2076       7076          0          0 IP NAT Ager     
 209   0          0          0       7076          0          0 IP NAT WLAN     
 210   0          0          0       7132          0          0 IP VFR proc     
 211   0        252        252       7076          1          1 HSRP Common     
 212   0       4180        252      17004       8001       8001 HSRP IPv4       
 213   0        252        252       7076          0          0 Track           
 214   0        252        252      13076          0          0 PPP manager     
 215   0      22000       3816      31332       1770       1770 PPP Events      
 216   0        252        252       7076          0          0 Multilink PPP   
 217   0     130404      11248     118248          2          2 PPPoA Manager   
 218   0        576        252       7400        298        298 NTP             
 219   0       2688       2592       8944          1          1 DNS Resolver    
 220   0       2260       2512       8576          1          1 DNS Resolver    
 221   0       2236       2500       8536          1          1 DNS Resolver    
 222   0       2568       2800       8788          1          1 DNS Resolver    
 223   0       2236       2512       8412          1          1 DNS Resolver    
 224   0       2284       2536       8372          1          1 DNS Resolver    
 225   0       2512       2460       8644          1          1 DNS Resolver    
 226   0       2612       2620       8796          1          1 DNS Resolver    
 227   0       2288          0       9364          1          1 DNS Resolver    
 228   0       2244          0       9320          1          1 DNS Resolver    
 229   0       2160          0       9236          1          1 DNS Resolver    
 230   0       2160          0       9236          1          1 DNS Resolver    
 231   0       2196          0       9272          1          1 DNS Resolver    
 232   0       2092          0       9168          1          1 DNS Resolver    
 233   0       2152          0       9228          1          1 DNS Resolver    
 234   0       2092          0       9168          1          1 DNS Resolver    
 235   0       2096          0       9172          1          1 DNS Resolver    
 236   0       2092          0       9168          1          1 DNS Resolver    
 242   0          0          0      13120          0          0 ILMI Input      
 243   0          0          0       7136          0          0 ILMI Request    
 244   0          0          0       7076          0          0 ILMI Response   
 245   0          0          0       7136       9045       9045 ILMI Timer Proce
 246   0       4116          0      17192          0          0 ATM PVC Discover
 247   0      20012        512      33484          0          0 VTEMPLATE Backgr
                                 39017856 Total
 
------------------ show process cpu ------------------
 
CPU utilization for five seconds: 79%/13%; one minute: 77%; five minutes: 77%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process 
   1          28        88        318  0.00%  0.00%  0.00%   0 Chunk Manager    
   2          76      3627         20  0.00%  0.00%  0.00%   0 Load Meter       
   3        1776        90      19733  0.00%  0.00%  0.00%   0 HTTP CP          
   4      195388     11117      17575  0.57%  1.65%  1.26%   0 Check heaps      
   5           0        14          0  0.00%  0.00%  0.00%   0 Pool Manager     
   6           0         2          0  0.00%  0.00%  0.00%   0 Timers           
   7           0        53          0  0.00%  0.00%  0.00%   0 LED Timers       
   8           0         1          0  0.00%  0.00%  0.00%   0 Crash writer     
   9           0         1          0  0.00%  0.00%  0.00%   0 Over Heat Deboun 
  10           0         1          0  0.00%  0.00%  0.00%   0 Fan Fault Deboun 
  11         592      2663        222  0.00%  0.00%  0.00%   0 ARP Input        
  12           0         2          0  0.00%  0.00%  0.00%   0 ATM Idle Timer   
  13           0         7          0  0.00%  0.00%  0.00%   0 AAA high-capacit 
  14           0         1          0  0.00%  0.00%  0.00%   0 AAA_SERVER_DEADT 
  15           0         1          0  0.00%  0.00%  0.00%   0 Policy Manager   
  16          16       605         26  0.00%  0.00%  0.00%   0 DDR Timers       
  17           0         2          0  0.00%  0.00%  0.00%   0 Entity MIB API   
  18         252      5261         47  0.00%  0.00%  0.00%   0 EEM ED Syslog    
  19          44      1815         24  0.00%  0.00%  0.00%   0 HC Counter Timer 
  20           0         2          0  0.00%  0.00%  0.00%   0 Serial Backgroun 
  21           0         1          0  0.00%  0.00%  0.00%   0 RO Notify Timers 
  22           0         1          0  0.00%  0.00%  0.00%   0 RMI RM Notify Wa 
  23           0         2          0  0.00%  0.00%  0.00%   0 SMART            
  24          92     18130          5  0.08%  0.00%  0.00%   0 GraphIt          
  25           0         2          0  0.00%  0.00%  0.00%   0 Dialer event     
  26           0         1          0  0.00%  0.00%  0.00%   0 SERIAL A'detect  
  27           0         2          0  0.00%  0.00%  0.00%   0 XML Proxy Client 
  28           4         2       2000  0.00%  0.00%  0.00%   0 DNS Resolver     
  29           0         1          0  0.00%  0.00%  0.00%   0 Inode Table Dest 
  30           0         1          0  0.00%  0.00%  0.00%   0 Critical Bkgnd   
  31         200     14636         13  0.00%  0.00%  0.00%   0 Net Background   
  32           0         5          0  0.00%  0.00%  0.00%   0 IDB Work         
  33         540      8766         61  0.16%  0.01%  0.00%   0 Logger           
  34         276     18117         15  0.00%  0.01%  0.00%   0 TTY Background   
  35         920     18145         50  0.00%  0.00%  0.00%   0 Per-Second Jobs  
  36           0         1          0  0.00%  0.00%  0.00%   0 AggMgr Process   
  37           0         1          0  0.00%  0.00%  0.00%   0 Token Daemon     
  38           0         1          0  0.00%  0.00%  0.00%   0 dev_device_inser 
  39           0         1          0  0.00%  0.00%  0.00%   0 dev_device_remov 
  40           8         2       4000  0.00%  0.00%  0.00%   0 ESWPPM           
  41           0         2          0  0.00%  0.00%  0.00%   0 Eswilp Storm Con 
  42           0         1          0  0.00%  0.00%  0.00%   0 Platform Compact 
  43           0         1          0  0.00%  0.00%  0.00%   0 IGMP Snooping Pr 
  44           0         1          0  0.00%  0.00%  0.00%   0 IGMP Snooping Re 
  45          60     18145          3  0.00%  0.00%  0.00%   0 Crypto Device Up 
  46           0         2          0  0.00%  0.00%  0.00%   0 Multi-ISA Event  
  47           0         1          0  0.00%  0.00%  0.00%   0 Multi-ISA Cleanu 
  48           0        15          0  0.00%  0.00%  0.00%   0 crypto engine pr 
  49        2100     35023         59  0.00%  0.01%  0.00%   0 XDSL BACKGROUND  
  50           0         2          0  0.00%  0.00%  0.00%   0 ISDN Timer       
  51           0         1          0  0.00%  0.00%  0.00%   0 ISDN From Driver 
  52           0         1          0  0.00%  0.00%  0.00%   0 Switch Link Moni 
  53      200128    142723       1402  1.63%  1.90%  1.92%   0 COLLECT STAT COU 
  54          56     18121          3  0.00%  0.00%  0.00%   0 PI MATM Aging Pr 
  55           0         2          0  0.00%  0.00%  0.00%   0 DTP Protocol     
  56           0         2          0  0.00%  0.00%  0.00%   0 dot1x            
  57           0         2          0  0.00%  0.00%  0.00%   0 Dot1x Mgr Proces 
  58        2600    558810          4  0.08%  0.02%  0.00%   0 EAP Framework    
  59          56     18136          3  0.00%  0.00%  0.00%   0 linktest         
  60           0         2          0  0.00%  0.00%  0.00%   0 Dot11 Mgmt & Ass 
  61           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
  62           0         2          0  0.00%  0.00%  0.00%   0 Dot11 aaa proces 
  63           0         2          0  0.00%  0.00%  0.00%   0 Dot11 auth Dot1x 
  64           0         1          0  0.00%  0.00%  0.00%   0 Dot11 Mac Auth   
  65           0         2          0  0.00%  0.00%  0.00%   0 AAA Dictionary R 
  66           0        16          0  0.00%  0.00%  0.00%   0 AAA Server       
  67           0         1          0  0.00%  0.00%  0.00%   0 AAA ACCT Proc    
  68           0         1          0  0.00%  0.00%  0.00%   0 ACCT Periodic Pr 
  69         132      2137         61  0.00%  0.00%  0.00%   0 CDP Protocol     
  70      577608   2531053        228  4.99%  4.09%  5.30%   0 IP Input         
  71           0         1          0  0.00%  0.00%  0.00%   0 ICMP event handl 
  72           0         4          0  0.00%  0.00%  0.00%   0 TurboACL         
  73           0         2          0  0.00%  0.00%  0.00%   0 TurboACL chunk   
  74           0         4          0  0.00%  0.00%  0.00%   0 PPP Hooks        
  75           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
  76           0         1          0  0.00%  0.00%  0.00%   0 SSS Manager      
  77          16      2419          6  0.00%  0.00%  0.00%   0 SSS Test Client  
  78           0         1          0  0.00%  0.00%  0.00%   0 SSS Feature Mana 
  79         324     70865          4  0.00%  0.00%  0.00%   0 SSS Feature Time 
  80           0         1          0  0.00%  0.00%  0.00%   0 VPDN call manage 
  81           0         1          0  0.00%  0.00%  0.00%   0 L2X Socket proce 
  82           0         1          0  0.00%  0.00%  0.00%   0 L2X SSS manager  
  83           0         2          0  0.00%  0.00%  0.00%   0 L2TP mgmt daemon 
  84           0         1          0  0.00%  0.00%  0.00%   0 X.25 Encaps Mana 
  85           0         2          0  0.00%  0.00%  0.00%   0 EAPoUDP Process  
  86           0         1          0  0.00%  0.00%  0.00%   0 IPv6 RIB Redistr 
  87           0         2          0  0.00%  0.00%  0.00%   0 KRB5 AAA         
  88           0         4          0  0.00%  0.00%  0.00%   0 PPP IP Route     
  89           0         6          0  0.00%  0.00%  0.00%   0 PPP IPCP         
  90           0         2          0  0.00%  0.00%  0.00%   0 Dot1x Supplicant 
  91           0         2          0  0.00%  0.00%  0.00%   0 Dot1x Supplicant 
  92           0         2          0  0.00%  0.00%  0.00%   0 Dot1x Supplicant 
  93          64       460        139  0.00%  0.00%  0.00%   0 IP Background    
  94           8       306         26  0.00%  0.00%  0.00%   0 IP RIB Update    
  95        2760     27360        100  0.00%  0.01%  0.00%   0 CEF process      
  96           0         2          0  0.00%  0.00%  0.00%   0 L2MM             
  97           0         1          0  0.00%  0.00%  0.00%   0 MRD              
  98           0         1          0  0.00%  0.00%  0.00%   0 IGMPSN           
  99        4696     36330        129  0.00%  0.04%  0.05%   0 DHCPD Receive    
 100           0         1          0  0.00%  0.00%  0.00%   0 IP Traceroute    
 101         264     57114          4  0.00%  0.00%  0.00%   0 Socket Timers    
 102           0         2          0  0.00%  0.00%  0.00%   0 RLM groups Proce 
 103           0         1          0  0.00%  0.00%  0.00%   0 SNMP Timers      
 104          12       353         33  0.00%  0.00%  0.00%   0 TCP Timer        
 105           0         2          0  0.00%  0.00%  0.00%   0 TCP Protocols    
 106           0         1          0  0.00%  0.00%  0.00%   0 COPS             
 107           0         2          0  0.00%  0.00%  0.00%   0 Dialer Forwarder 
 108          64       305        209  0.00%  0.00%  0.00%   0 Adj Manager      
 109        4208     16461        255  0.32%  0.32%  0.20%   0 HTTP CORE        
 110          28       303         92  0.00%  0.00%  0.00%   0 IP Cache Ager    
 111           0         1          0  0.00%  0.00%  0.00%   0 RARP Input       
 112           0         1          0  0.00%  0.00%  0.00%   0 PAD InCall       
 113           0         2          0  0.00%  0.00%  0.00%   0 X.25 Background  
 114           0         2          0  0.00%  0.00%  0.00%   0 PPP Bind         
 115           0         2          0  0.00%  0.00%  0.00%   0 PPP SSS          
 116        1300    180641          7  0.08%  0.02%  0.00%   0 RBSCP Background 
 117           0         2          0  0.00%  0.00%  0.00%   0 SCTP Main Proces 
 118        2188     35374         61  0.08%  0.03%  0.00%   0 Inspect process  
 119           0       152          0  0.00%  0.00%  0.00%   0 DHCPD Timer      
 120           0        61          0  0.00%  0.00%  0.00%   0 Authentication P 
 121           0         1          0  0.00%  0.00%  0.00%   0 Auth-proxy AAA B 
 122         168     35400          4  0.00%  0.00%  0.00%   0 IPS Timer        
 123           0         2          0  0.00%  0.00%  0.00%   0 SDEE Management  
 124           0         1          0  0.00%  0.00%  0.00%   0 IPv6 Inspect Tim 
 125           0         1          0  0.00%  0.00%  0.00%   0 XSM_EVENT_ENGINE 
 126          36      1812         19  0.00%  0.00%  0.00%   0 XSM_ENQUEUER     
 127          20      1812         11  0.00%  0.00%  0.00%   0 XSM Historian    
 128         180     35374          5  0.00%  0.00%  0.00%   0 SSLVPN_PROCESS   
 129           0         1          0  0.00%  0.00%  0.00%   0 Select Timers    
 130          32         2      16000  0.00%  0.00%  0.00%   0 HTTP Process     
 131           0         2          0  0.00%  0.00%  0.00%   0 CIFS API Process 
 132           0         2          0  0.00%  0.00%  0.00%   0 CIFS Proxy Proce 
 133           0         2          0  0.00%  0.00%  0.00%   0 URL filter proc  
 134           0         3          0  0.00%  0.00%  0.00%   0 Crypto HW Proc   
 135           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 136           0         2          0  0.00%  0.00%  0.00%   0 AAA Cached Serve 
 137           0         2          0  0.00%  0.00%  0.00%   0 ENABLE AAA       
 138           0         1          0  0.00%  0.00%  0.00%   0 EM Background Pr 
 139           0         1          0  0.00%  0.00%  0.00%   0 Key chain liveke 
 140           0         2          0  0.00%  0.00%  0.00%   0 LINE AAA         
 141          36        79        455  0.00%  0.00%  0.00%   0 LOCAL AAA        
 142           0         2          0  0.00%  0.00%  0.00%   0 TPLUS            
 143           0         2          0  0.00%  0.00%  0.00%   0 VSP_MGR          
 144           0         3          0  0.00%  0.00%  0.00%   0 Crypto WUI       
 145           4        13        307  0.00%  0.00%  0.00%   0 Crypto Support   
 146           0         1          0  0.00%  0.00%  0.00%   0 EPM MAIN PROCESS 
 147           0         1          0  0.00%  0.00%  0.00%   0 RPMS_PROC_MAIN   
 148          40         4      10000  0.00%  0.00%  0.00%   0 Crypto CA        
 149           0         1          0  0.00%  0.00%  0.00%   0 Crypto PKI-CRL   
 150           0         1          0  0.00%  0.00%  0.00%   0 Crypto SSL       
 151           0         1          0  0.00%  0.00%  0.00%   0 encrypt proc     
 152           0        10          0  0.00%  0.00%  0.00%   0 Crypto ACL       
 153           0         1          0  0.00%  0.00%  0.00%   0 CRYPTO QoS proce 
 154           0         1          0  0.00%  0.00%  0.00%   0 Crypto INT       
 155           0         3          0  0.00%  0.00%  0.00%   0 Crypto IKE Dispa 
 156           0         3          0  0.00%  0.00%  0.00%   0 Crypto IKMP      
 157           8         1       8000  0.00%  0.00%  0.00%   0 Crypto IKEv2     
 158          76       910         83  0.00%  0.00%  0.00%   0 IPSEC key engine 
 159           0         1          0  0.00%  0.00%  0.00%   0 IPSEC manual key 
 160           0         1          0  0.00%  0.00%  0.00%   0 Crypto PAS Proc  
 161           0         2          0  0.00%  0.00%  0.00%   0 Key Proc         
 162           0         1          0  0.00%  0.00%  0.00%   0 GDOI GM Process  
 163          72     15639          4  0.00%  0.00%  0.00%   0 PM Callback      
 164           0         1          0  0.00%  0.00%  0.00%   0 ISDNMIB Backgrou 
 165           0         1          0  0.00%  0.00%  0.00%   0 CallMIB Backgrou 
 166           0         2          0  0.00%  0.00%  0.00%   0 Control-plane ho 
 167           0         1          0  0.00%  0.00%  0.00%   0 DATA Transfer Pr 
 168           0         1          0  0.00%  0.00%  0.00%   0 DATA Collector   
 169           4         6        666  0.00%  0.00%  0.00%   0 AAA SEND STOP EV 
 170           0         3          0  0.00%  0.00%  0.00%   0 EEM ED CLI       
 171           0         2          0  0.00%  0.00%  0.00%   0 EEM ED Counter   
 172           0         2          0  0.00%  0.00%  0.00%   0 EEM ED Interface 
 173           0         3          0  0.00%  0.00%  0.00%   0 EEM ED IOSWD     
 174           0         2          0  0.00%  0.00%  0.00%   0 EEM ED Memory-th 
 175           0         2          0  0.00%  0.00%  0.00%   0 EEM ED None      
 176           4         2       2000  0.00%  0.00%  0.00%   0 EEM ED OIR       
 177           0         2          0  0.00%  0.00%  0.00%   0 EEM ED Resource  
 178           0         2          0  0.00%  0.00%  0.00%   0 EEM ED SNMP      
 179           0       305          0  0.00%  0.00%  0.00%   0 EEM ED Timer     
 180           0         2          0  0.00%  0.00%  0.00%   0 EEM ED Track     
 181          28      3686          7  0.00%  0.00%  0.00%   0 EEM Server       
 182           0      1814          0  0.00%  0.00%  0.00%   0 RMON Recycle Pro 
 183           0         2          0  0.00%  0.00%  0.00%   0 RMON Deferred Se 
 184           0         1          0  0.00%  0.00%  0.00%   0 Syslog Traps     
 185           8         2       4000  0.00%  0.00%  0.00%   0 VLAN Manager     
 186           0       308          0  0.00%  0.00%  0.00%   0 DHCPD Database   
 187           0         2          0  0.00%  0.00%  0.00%   0 EEM Policy Direc 
 188         288      4597         62  0.00%  0.00%  0.00%   0 Syslog           
 189           0         1          0  0.00%  0.00%  0.00%   0 VPDN Scal        
 190           4         2       2000  0.00%  0.00%  0.00%   0 DNS Resolver     
 191          84      4064         20  0.00%  0.00%  0.00%   0 Net Input        
 192         296      3628         81  0.00%  0.00%  0.00%   0 Compute load avg 
 193        3288       305      10780  0.00%  0.01%  0.00%   0 Per-minute Jobs  
 194      560164   1789370        313  6.04%  6.24%  5.94%   0 Appfw IM DNS Res 
 195          16       630         25  0.00%  0.00%  0.00%   0 CEF Scanner      
 196           0      1856          0  0.00%  0.00%  0.00%   0 ATM Periodic     
 197           0         1          0  0.00%  0.00%  0.00%   0 ATM ARP INPUT    
 198           0         2          0  0.00%  0.00%  0.00%   0 ATM OAM Input    
 199           0         2          0  0.00%  0.00%  0.00%   0 ATM OAM TIMER    
 200           0         2          0  0.00%  0.00%  0.00%   0 ATMSIG ILMI Time 
 201           0         2          0  0.00%  0.00%  0.00%   0 ATMSIG DRIVERAPI 
 202           0         2          0  0.00%  0.00%  0.00%   0 SSCOP Input      
 203           0         2          0  0.00%  0.00%  0.00%   0 SSCOP Output     
 204           0       315          0  0.00%  0.00%  0.00%   0 SSCOP Timer      
 205         100     18123          5  0.00%  0.00%  0.00%   0 ATMSIG Timer     
 206           0         2          0  0.00%  0.00%  0.00%   0 ATMSIG Input     
 207           0         2          0  0.00%  0.00%  0.00%   0 ATMSIG Client    
 208        1592     35385         44  0.00%  0.00%  0.00%   0 IP NAT Ager      
 209           0         1          0  0.00%  0.00%  0.00%   0 IP NAT WLAN      
 210           0        14          0  0.00%  0.00%  0.00%   0 IP VFR proc      
 211           0         4          0  0.00%  0.00%  0.00%   0 HSRP Common      
 212          20      7991          2  0.00%  0.00%  0.00%   0 HSRP IPv4        
 213         124     18103          6  0.00%  0.00%  0.00%   0 Track            
 214        4160    565831          7  0.08%  0.03%  0.02%   0 PPP manager      
 215        7704    565837         13  0.00%  0.07%  0.06%   0 PPP Events       
 216           0     18126          0  0.00%  0.00%  0.00%   0 Multilink PPP    
 217           8         5       1600  0.00%  0.00%  0.00%   0 PPPoA Manager    
 218         124     18131          6  0.00%  0.00%  0.00%   0 NTP              
 219           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 220           4         2       2000  0.00%  0.00%  0.00%   0 DNS Resolver     
 221           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 222           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 223           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 224           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 225           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 226           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 227           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 228           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 229           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 230           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 231           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 232           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 233           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 234           4         1       4000  0.00%  0.00%  0.00%   0 DNS Resolver     
 235           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 236           0         1          0  0.00%  0.00%  0.00%   0 DNS Resolver     
 242           0         1          0  0.00%  0.00%  0.00%   0 ILMI Input       
 243           0         1          0  0.00%  0.00%  0.00%   0 ILMI Request     
 244           0         1          0  0.00%  0.00%  0.00%   0 ILMI Response    
 245         200      9046         22  0.00%  0.00%  0.00%   0 ILMI Timer Proce 
 246           8         1       8000  0.00%  0.00%  0.00%   0 ATM PVC Discover 
 247           0         2          0  0.00%  0.00%  0.00%   0 VTEMPLATE Backgr
 
------------------ show process cpu history ------------------
 
                                                              
    7777777777777777777777777777777777777778888877777555557777
    9999999998888888888777776666688888888882222299999333332222
100                                                             
 90                                                             
 80 *************************************************          *
 70 *************************************************     ******
 60 *************************************************     ******
 50 ************************************************************
 40 ************************************************************
 30 ************************************************************
 20 ************************************************************
 10 ************************************************************
   0....5....1....1....2....2....3....3....4....4....5....5....
             0    5    0    5    0    5    0    5    0    5    
               CPU% per second (last 60 seconds)
 
                                                              
    8888888888878888787788888888877888788888888888778787888888
    2232024347192110819935121220099001910000112100992909100201
100                                                             
 90          *           *                                      
 80 ####*##############**#########*##################*####**####
 70 ####################*############################*#####*####
 60 ####################*#######################################
 50 ####################*#######################################
 40 ############################################################
 30 ############################################################
 20 ############################################################
 10 ############################################################
   0....5....1....1....2....2....3....3....4....4....5....5....
             0    5    0    5    0    5    0    5    0    5    
               CPU% per minute (last 60 minutes)
              * = maximum CPU%   # = average CPU%
                                                                          
    88848                                                                 
    73629                                                                 
100                                                                         
 90 * * *                                                                   
 80 ##* *                                                                   
 70 ##* *                                                                   
 60 ##* *                                                                   
 50 ### *                                                                   
 40 ###**                                                                   
 30 ###**                                                                   
 20 ###**                                                                   
 10 ###**                                                                   
   0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
             0    5    0    5    0    5    0    5    0    5    0    5    0 
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%
 
 

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to authurmell
2Mb line and your CPU's running THAT high?!

If you can, do a sh proc cpu sort | ex 0.00%__0.00%__0.00% and post that up.

I'd also get some graphs going of the DSL and LAN interfaces and see what the traffic loads are.

Regards
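An added example, not part of the thread: the filter HELLFIRE asks for, applied offline to a saved `show process cpu` capture. It drops rows that are 0.00% in all three windows and sorts the rest by 5-second load. The sample rows are copied from the dump above; the function names are hypothetical.

```python
import re

# Rows copied from the "show process cpu" dump earlier in this thread.
SAMPLE = """\
  69         132      2137         61  0.00%  0.00%  0.00%   0 CDP Protocol
  70      577608   2531053        228  4.99%  4.09%  5.30%   0 IP Input
  95        2760     27360        100  0.00%  0.01%  0.00%   0 CEF process
 109        4208     16461        255  0.32%  0.32%  0.20%   0 HTTP CORE
 118        2188     35374         61  0.08%  0.03%  0.00%   0 Inspect process
 194      560164   1789370        313  6.04%  6.24%  5.94%   0 Appfw IM DNS Res
 215        7704    565837         13  0.00%  0.07%  0.06%   0 PPP Events
 219           0         2          0  0.00%  0.00%  0.00%   0 DNS Resolver
"""

# Columns: PID, Runtime(ms), Invoked, uSecs, 5Sec, 1Min, 5Min, TTY, Process
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(\d+)\s+(\S.*?)\s*$"
)

def parse_rows(text):
    """Yield one dict per process row; headers, graphs and blanks are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        pid, runtime, invoked, _usecs, s5, m1, m5, _tty, name = m.groups()
        yield {"pid": int(pid), "runtime_ms": int(runtime),
               "invoked": int(invoked), "five_sec": float(s5),
               "one_min": float(m1), "five_min": float(m5), "name": name}

def busy_processes(text):
    """Drop rows idle in all three windows, then sort by 5-second load."""
    rows = [r for r in parse_rows(text)
            if r["five_sec"] or r["one_min"] or r["five_min"]]
    return sorted(rows, key=lambda r: r["five_sec"], reverse=True)

def report(text):
    """Format the busy rows and append the summed 5-second process load."""
    rows = busy_processes(text)
    lines = [f"{r['pid']:>4} {r['five_sec']:6.2f}% {r['one_min']:6.2f}% "
             f"{r['five_min']:6.2f}%  {r['name']}" for r in rows]
    total = sum(r["five_sec"] for r in rows)
    lines.append(f"process-level 5-second total: {total:.2f}%")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```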


authurmell

join:2012-07-18
united kingd
okay will do... BTW does an application exist that presents Cisco logs in diagram format, easily?? Anything to make it easier to digest...I know about grep but just can't find anything at all like 'log parser lizard.'

HELLFIRE
Premium
join:2009-11-25
kudos:18
When you say "presents cisco logs in diagram format" what exactly are you looking for? A graphical presentation of
the number of times an alert has occurred?

Regards


authurmell

join:2012-07-18
united kingd
yes please, pie charts, bar graphs, line, etc. for non-technical client representations...at the moment I make my own estimated diags.

am on summer hols right now and the client is just getting by with switching the router off/on whenever the above problems occur, but I will keep track of all suggestions to implement.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to authurmell
Not aware of any off the top of my head. Others may chime in.

While there are log analyzers, there may not be one that will do what you're looking for.

Trying to get straight in my mind, you want to set up some sort of syslog where you're denying inbound packets,
and you want to get a graphical view of how many times X client is blocked? Is that what you're thinking?

Also while syslog is pretty handy, it's not the be-all and end-all. SNMP performance graphs and, if possible, NetFlow
traffic analysis are a really good idea, and those are easy enough to implement.

Just my 00000010bits

Regards
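An added example, not part of the thread and not an existing product: one way to get the "how many times is client X blocked" view discussed above from a saved router log, as text bar charts per message type and per inside client. The sample lines are constructed in the shape of the messages in the first post with made-up addresses; `INSIDE_NET` and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the inside LAN range. Replace with the site's real network.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines shaped like the messages quoted in the first post;
# the redacted addresses are filled in with made-up values.
SAMPLE_LOG = """\
%APPFW-3-HTTP_MAX_REQ_EXCEED: Maximum of 10 unanswered HTTP requests exceeded from 192.168.1.23 to 203.0.113.10:80
%APPFW-4-HTTP_STRICT_PROTOCOL: Sig:15 HTTP protocol violation detected -  HTTP Protocol not detected from 192.168.1.23 to 203.0.113.10:80
%SEC-6-IPACCESSLOGP: list 104 denied tcp 203.0.113.10:80 to 192.168.1.23
%FW-6-DROP_PKT: Dropping tcp pkt 203.0.113.10:80 to 192.168.1.23
%APPFW-3-HTTP_MAX_REQ_EXCEED: Maximum of 10 unanswered HTTP requests exceeded from 192.168.1.40 to 198.51.100.7:80
%SEC-6-IPACCESSLOGP: list 104 denied tcp 198.51.100.7:80 to 192.168.1.40
%APPFW-4-HTTP_DEOBFUSCATE: Sig:14 Deobfuscation signature detected -  HTTP deobfuscation detected IDS evasion technique from 192.168.1.23 to 203.0.113.10:80
%SEC-6-IPACCESSLOGP: list 104 denied tcp 203.0.113.10:80 to 192.168.1.23
"""

TAG_RE = re.compile(r"%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+")   # %FACILITY-SEV-MNEMONIC
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_line(line):
    """Return (tag, inside_client_or_None), or None if the line has no tag."""
    tag = TAG_RE.search(line)
    if not tag:
        return None
    for text in IP_RE.findall(line[tag.end():]):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if addr in INSIDE_NET:
            return tag.group(0), str(addr)
    return tag.group(0), None

def tally(log_text):
    """Count messages per syslog tag and per inside client."""
    by_tag, by_client = Counter(), Counter()
    for tag, client in filter(None, map(parse_line, log_text.splitlines())):
        by_tag[tag] += 1
        if client:
            by_client[client] += 1
    return by_tag, by_client

def bar_chart(counter, width=40):
    """Render a Counter as text bars, largest first, scaled to `width`."""
    if not counter:
        return ""
    top, pad = max(counter.values()), max(map(len, counter))
    return "\n".join(f"{k:<{pad}} {'#' * max(1, round(n * width / top))} {n}"
                     for k, n in counter.most_common())

if __name__ == "__main__":
    for title, counts in zip(("By message", "By inside client"), tally(SAMPLE_LOG)):
        print(title, bar_chart(counts), sep="\n", end="\n\n")
```

The parser relies only on the `%FACILITY-SEVERITY-MNEMONIC` tag and the addresses that follow it, so timestamp prefixes and differing address/port punctuation do not affect the counts.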