RE: cisco 7200 performance issue

From: Luciano Z <user_luciano(at)yahoo.com.br>
Date: Fri May 23 2003 - 15:42:14 EDT

I forgot the version information :-)
It's a 12.2(12b) box.

Another interesting piece of information is that the router does not use SSH; it is connected to a console server. This configuration is not a regular policy; I still have boxes that use telnet :-(

Follow-up on this incident:
We reported the problem to Cisco, and the recommendation that we got is 'apply an access-list'. Well, this is a problem to implement. The message we received on the router syslog affected the CPU too (it's like doing a "debug all" on the console). With the access-list this could be solved. The only question I have is: why do RSHELL messages need to be logged while connections to other TCP ports don't? It would be interesting to have a feature to disable logging on service ports that are not in use (suggestion to the Cisco guys here? :-)

Some of the replies I got recommended this too, but let's analyze the problem of implementing access-lists on this box. This is an access layer box, so we have about 80 active customers connected to this router. If we apply an access-list to protect the router by dropping all packets destined to the router's interface (and its loopbacks), we will end up with an access-list with at least 80 lines (imagine the problem of managing this while activating/deactivating customers). So this is not a solution, at least at this network layer.

One thing we did here after the incident is a review of the "schedule allocate" configuration. We first used the values from that classic paper about router security written by Cisco, but now we have changed it a bit and will test this to evaluate the new value.

Well, thanks for all the replies I got.
If we have some new information I'll post here.

[]
luciano

  • Paul Benedek <paul.benedek@excis.co.uk> wrote:
    > Hi Luciano,
    >
    > What is the IOS version that you are running? This
    > could be a bug. It
    > would be worth looking at the field notices on CCO
    > to determine if this is
    > IOS related.
    >
    > Regards
    >
    > Paul Benedek
    >
    > -----Original Message-----
    > From: Luciano Z [mailto:user_luciano@yahoo.com.br]
    > Sent: 21 May 2003 20:45
    > To: incidents@securityfocus.com
    > Subject: cisco 7200 performance issue
    >
    > Hi!
    >
    > I was responding an incident last night and saw a

Received on Mon May 26 12:09:42 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:06 EDT

