Cisco 4006 worm

Discussion in 'Cisco' started by Someone, Sep 16, 2006.

  1. Someone

    Someone Guest

    How can I detect if my Cisco 4006 switch is infected with worm/virus.
    Beacuse it is dead slow. Thanks.
     
    Someone, Sep 16, 2006
    #1
    1. Advertising

  2. Someone

    Fer Mtz Guest

    Someone wrote:
    > How can I detect if my Cisco 4006 switch is infected with worm/virus.
    > Beacuse it is dead slow. Thanks.



    they dont have worms, worms are in your network, please check CPU and
    utilization.
    Disconect every cable from your network and put one for one again OR
    try to deny some networks and try to figure out wich network is making
    so slow the 4006
     
    Fer Mtz, Sep 16, 2006
    #2
    1. Advertising

  3. In article <>,
    Someone <> wrote:
    >How can I detect if my Cisco 4006 switch is infected with worm/virus.
    >Beacuse it is dead slow. Thanks.


    It is quite unlikely that a worm or virus has infected your 4006
    itself. I have a vague memory that some group was able to drop
    code into a couple of kinds of IOS devices, but that would have been
    at least 6 years ago, probably longer, and only applied to a few
    devices (different models use different processors), was relatively
    easily defended against, and would have been patched long ago.

    It is, though, entirely possible that something in your network
    has been infected and your network is being flooded with outgoing
    attempts to infect other things. You can track that sort of
    activity by setting up a syslog server and adding "log" modifiers
    to your ACL entries (use permit ip any any log if you want to
    permit all traffic through.) Alternately, try enabling "ip accounting";
    then "show ip accounting" can show you summaries of where the traffic
    is going.

    (I'm presuming here that your 4006 has a routing card in it, not just
    acting as a true layer 2 switch.)

    For really detailed accounting, you -might- be able to enable "netflow",
    but you probably don't have a netflow analyzer available, and I suspect
    your 4006 doesn't support netflow.
     
    Walter Roberson, Sep 16, 2006
    #3
  4. www.BradReese.Com, Sep 17, 2006
    #4
  5. Someone

    Sam Wilson Guest

    In article <>,
    Someone <> wrote:

    > How can I detect if my Cisco 4006 switch is infected with worm/virus.
    > Beacuse it is dead slow. Thanks.


    "show proc cpu" is probably a good start. I don't know if the 4006 runs
    IOS but if yours is then try "show proc cpu sort".

    Sam
     
    Sam Wilson, Sep 19, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dennis Paul

    802.1x on Cisco 4006

    Dennis Paul, Jul 10, 2003, in forum: Cisco
    Replies:
    0
    Views:
    1,206
    Dennis Paul
    Jul 10, 2003
  2. Lord Shaolin
    Replies:
    6
    Views:
    2,723
    John Tate
    Aug 20, 2003
  3. code_wrong

    worm/spybot.17.t (worm spybot 17t) detected by AVG

    code_wrong, May 15, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    830
    code_wrong
    May 15, 2004
  4. Imhotep
    Replies:
    4
    Views:
    751
    Edw. Peach
    Jan 30, 2006
  5. Danny

    Worm\Spybot (P2P-Worm.Win32.SpyBot.a)

    Danny, Aug 14, 2005, in forum: Computer Information
    Replies:
    0
    Views:
    549
    Danny
    Aug 14, 2005
Loading...

Share This Page