Date: Wed, 16 Jan 2002 09:56:43 -0700 From: "Jeremy Buckner" <jeremy@cableaz.com> To: "Chris Shenton" <chris@shenton.org> Cc: <isp@FreeBSD.ORG> Subject: Re: Who's saturating outbound link (Cisco 2620, IOS 12.1(1)) Message-ID: <001b01c19eae$c6acdc40$0e9af13f@caz> References: <87g05a2ao2.fsf_-_@thanatos.shenton.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Well in my experience with that I will tell you that a virus will definitely cause that kind of traffic. Code Red or Nimda type viruses have killed our bandwidth before. Also some P2P file sharing software will do that too if it not setup correctly. If you know it's not a virus and you have P2P stuff flowing through your system, try putting an access list on your router blocking ports 1214, 6346, 6347, and 6348. See if your outbound dies down. Obviously the sky's the limit with the number of reasons why you have that problem, but that's what has happened to us in the past. Jeremy ----- Original Message ----- From: "Chris Shenton" <chris@shenton.org> To: <freebsd-isp@FreeBSD.ORG> Sent: Sunday, January 13, 2002 2:39 PM Subject: Who's saturating outbound link (Cisco 2620, IOS 12.1(1)) > An ISP I support has FreeBSD servers and a bunch of LAN- and > ISDN-connected clients. Its remote so I can't get to it physically. > > In the past couple days, the 256Kbps link has been totally saturated, > MRTG tells me it's outbound traffic. How can I determine which > system is causing the traffic? > > I'm not a Cisco expert, but hoped "show ip accounting" would help, but > it only appears to show me *inbound* traffic from all outside > addresses to my internal addresses. I need the opposite. Is there > some IOS command I'm just not clued into? > > I'm working with the remote admin to see if I can get a hub put > between the router and other ISP gear, then put a FreeBSD box on that > so I can use tcpdump or others to sniff the traffic. Until then, I'm > blind unless there's some cisco voodoo I can use. > > Any ideas? Thanks. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001b01c19eae$c6acdc40$0e9af13f>