801 ISDN Dials too much

Discussion in 'Cisco' started by Pierre, Jan 29, 2004.

  1. Pierre

    Pierre Guest

    We have an 800 series router which dials too much, and
    I'm trying to assess what causes it.
    It is a small network with 4 workstations and a win2k server.
    The DHCP sets the router as the gateway, the Win2k server acts as DNS and
    DHCP server. Netbios over TCP/IP is disabled by the DHCP server.
    The server is set to check every 30 minutes for external email, and the
    workstations hardly ever use the Internet.
    The router has an idle timeout of 120 secs. I wrote a small program
    to monitor the call lengths throughout the day, most calls last 3 minutes,
    but some days, they go up to 20 minutes several times a day, with only
    1 person in the office who swears they are not doing anything.
    I have checked the usual, like Outlook set to check emails every 3
    minutes, viruses, Netbios DNS, etc...

    I would like to know if it's possible to query the last traffic that caused
    the idle timeout on the router to be reset, with source and destination
    IP address?

    Pierre, Jan 29, 2004
  2. I will hazard a guess on your problem.

    1. Your access list which defines the interesting traffic is too broad.
    2. You do not have an access list which denies unwanted traffic
    coming in to your system
    3. You have not specified "no ip unreachables" on the outgoing interface.

    And the reason why the interface is kept up is because the viruses
    are attacking your system and your system is telling them to bugger
    off instead of ignoring them like a Big Brother ought to.

    As to your actual question, no. "sh dialer" will only show what traffic
    has brought the interface up and how long to go until the counter expires.

    Bob { Goddard }, Jan 29, 2004
  3. Pierre

    News User Guest

    I had some problems similar to these ones.

    My main problem was the client PCs had configured a DNS server and these PCs
    refreshed the "computer list" every few minutes.

    I suggest removing DNS servers from clients and using a hosts file.

    Best regards.
    News User, Feb 2, 2004
  4. Pierre

    Pierre Guest

    The problem was there was no access-list on the router
    and it kept being probed, mostly on TCP port 135
    and lately on 3127 (mydoom).
    Pierre, Feb 12, 2004
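
Added example, not part of the original thread and not any poster's configuration: a Cisco IOS sketch of the three points in the second post, with the two ports named in the last post denied on explicit lines. The interface name (BRI0), the ACL numbers 101 and 102, and the assumption that mail is fetched over POP3/SMTP are all hypothetical; adapt them to the real setup.

```cisco
! Constructed example. BRI0, ACL 101/102 and the mail protocols are assumptions.
!
! 1. Narrow the "interesting traffic" definition so that only the services
!    the office actually uses can bring the line up or reset the idle timer.
!    Router-generated replies to probes (TCP resets, ICMP unreachables)
!    match none of the permits and therefore no longer hold the call open.
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq www
access-list 101 deny   ip any any
dialer-list 1 protocol ip list 101
!
! 2. Filter unsolicited inbound traffic on the ISDN side. The two explicit
!    denies are redundant with the final deny, but give each port its own
!    match counter in "show access-lists".
access-list 102 deny   tcp any any eq 135
access-list 102 deny   tcp any any eq 3127
access-list 102 permit tcp any any established
access-list 102 permit udp any eq domain any
access-list 102 deny   ip any any
!
interface BRI0
 ip access-group 102 in
 ! 3. Drop silently instead of answering with ICMP unreachables.
 no ip unreachables
 dialer-group 1
 dialer idle-timeout 120
```

After applying it, "show access-lists 102" lists per-line match counts, which shows how often the router is being probed on each denied port.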
