Monitoring NAT translation counts

Discussion in 'Cisco' started by Erik Freitag, Dec 2, 2004.

  1. Erik Freitag

    Erik Freitag Guest

    Past experience with some email-vectored viruses has shown me and my
    colleagues that monitoring the number of NAT translations on an
    Internet-facing router can give you a good indication that your network
    hosts have become infected. Code Red, for instance, produced translations
    in the high five digits (i.e. 90000+ translations) on a corporate network.
    Normal translation counts were in the 10000-20000 range.

    We wrote some expect scripts to collect translation counts (using
    show ip nat statistics) and report anything out of the ordinary to the
    NOC, but this method was not well-integrated with our other network/IDS
    monitoring tools, and required maintaining some information on the
    coding, deployment, invocation, and maintenance of these scripts. I asked
    Cisco if they could point out an SNMP variable that contained the NAT
    translation count, for use with our network monitoring tools, but they
    could not, and repeated attempts to find one using snmpwalk also failed.

    Does anyone here monitor NAT translations on a production basis? Have you
    found a better way to do it?
    Erik Freitag, Dec 2, 2004
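
An added example, not part of the original post: a Python sketch of the check the post describes, which parses the total from `show ip nat statistics` output and flags counts that break from the recent baseline. The sample output, the 50000 ceiling and the function names are assumptions; how the output is collected from the router is left to whatever is already in place.

```python
import re
import statistics

# Constructed sample of `show ip nat statistics` output (not from the post).
SAMPLE_OUTPUT = """\
Total active translations: 91234 (2 static, 91232 dynamic; 91230 extended)
Outside interfaces:
  Serial0/0
Inside interfaces:
  FastEthernet0/0
Hits: 48211973  Misses: 1203344
Expired translations: 1187002
"""

_TOTAL_RE = re.compile(
    r"^Total active translations:\s*(\d+)\s*"
    r"\((\d+) static, (\d+) dynamic; (\d+) extended\)", re.M)

def parse_nat_statistics(text):
    """Return the translation counts from the command output."""
    m = _TOTAL_RE.search(text)
    if m is None:
        # Fail loudly: a changed output format must not look like "zero".
        raise ValueError("no 'Total active translations' line found")
    total, static, dynamic, extended = map(int, m.groups())
    return {"total": total, "static": static,
            "dynamic": dynamic, "extended": extended}

def is_anomalous(count, history, ceiling=50000, sigmas=4.0, min_samples=12):
    """Flag a count above a hard ceiling or far above the recent baseline.

    ceiling is an assumed value between the post's normal range
    (10000-20000) and its infected figure (90000+); tune it per site.
    """
    if count >= ceiling:
        return True
    if len(history) < min_samples:
        return False  # not enough samples to form a baseline yet
    mean = statistics.fmean(history)
    spread = statistics.pstdev(history) or 1.0  # avoid a zero-width band
    return count > mean + sigmas * spread

def check(text, history):
    """Parse one poll, decide, and keep the baseline free of alert samples."""
    count = parse_nat_statistics(text)["total"]
    alert = is_anomalous(count, history)
    if not alert:
        history.append(count)
    return count, alert
```

Keeping alert samples out of `history` stops a sustained outbreak from raising the baseline until it looks normal.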