«

How can I detect if my Cisco 4006 switch is infected with worm/virus.
Beacuse it is dead slow. Thanks.

Someone wrote:
> How can I detect if my Cisco 4006 switch is infected with worm/virus.
> Beacuse it is dead slow. Thanks.


they dont have worms, worms are in your network, please check CPU and
utilization.
Disconect every cable from your network and put one for one again OR
try to deny some networks and try to figure out wich network is making
so slow the 4006

In article <>,
Someone <> wrote:
>How can I detect if my Cisco 4006 switch is infected with worm/virus.
>Beacuse it is dead slow. Thanks.

It is quite unlikely that a worm or virus has infected your 4006
itself. I have a vague memory that some group was able to drop
code into a couple of kinds of IOS devices, but that would have been
at least 6 years ago, probably longer, and only applied to a few
devices (different models use different processors), was relatively
easily defended against, and would have been patched long ago.

It is, though, entirely possible that something in your network
has been infected and your network is being flooded with outgoing
attempts to infect other things. You can track that sort of
activity by setting up a syslog server and adding "log" modifiers
to your ACL entries (use permit ip any any log if you want to
permit all traffic through.) Alternately, try enabling "ip accounting";
then "show ip accounting" can show you summaries of where the traffic
is going.

(I'm presuming here that your 4006 has a routing card in it, not just
acting as a true layer 2 switch.)

For really detailed accounting, you -might- be able to enable "netflow",
but you probably don't have a netflow analyzer available, and I suspect
your 4006 doesn't support netflow.

On a Catalyst 4006 switch on which you have installed one or more
WS-X4148-RJ45V modules, the typical utilization is higher:

http://www.cisco.com/en/US/products/....shtml#typical

Sincerely,

Brad Reese
Cisco Repair
http://www.bradreese.com/cisco-big-iron-repair.htm

In article <>,
Someone <> wrote:

> How can I detect if my Cisco 4006 switch is infected with worm/virus.
> Beacuse it is dead slow. Thanks.

"show proc cpu" is probably a good start. I don't know if the 4006 runs
IOS but if yours is then try "show proc cpu sort".

Sam