Cisco 7600 under attack?

Similar Messages

• Cisco 7600 Series can't back up it's config using Ciscoworks

  We have a problem with Ciscoworks. Our client's Cisco 7600 can't back up it's configuration with Ciscoworks, while the rest of the devices can. They are all enrolled and discovered in the Ciscoworks of our client. Do you have any idea how to troubleshoot this? Thanks!

  Have you partitioned the drive and formatted it Mac OS Extended (Journaled?) If not, try that and see if it helps:
  Extended Hard Drive Preparation
  1. Boot from your OS X Installer Disk. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Installer menu (Utilities menu for Tiger.)
  2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Note the SMART status of the drive in DU's status area. If it does not say "Verified" then the drive is failing or has failed and will need replacing. SMART info will not be reported on external drives. Otherwise, click on the Partition tab in the DU main window.
  3. Click on the Options button, set the partition scheme to GUID then click on the OK button. Set the number of partitions from the dropdown menu (use 1 partition unless you wish to make more.) Set the format type to Mac OS Extended (Journaled.) Click on the Partition button and wait until the volume(s) mount on the Desktop.
  4. Select the volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
  5. Set the format type to Mac OS Extended (Journaled.) Click on the Options button, check the button for Zero Data and click on OK to return to the Erase window.
  6. Click on the Erase button. The format process will take 30 minutes to an hour or more depending upon the drive size.
  Steps 4-6 are optional but should be used on a drive that has never been formatted before, if the format type is not Mac OS Extended, if the partition scheme has been changed, or if a different operating system (not OS X) has been installed on the drive.

• WLC sending a message of AP under attack

  Hi to all,
  I've been getting this message from my WLC and I'm not able to find what doest it really mean and if there is something that could be done in order to solve it.
  "Warning : Our AP with Base Radio MAC 00:14:a8:53:0b:20 is under attack (contained) by another AP on radio type 802.11b/g"
  "Warning Cleared: Our AP with Base Radio MAC 00:14:a8:53:0b:20 is no longer under attack (contained) by another AP on radio type 802.11b/g"
  Can this cause me problems in the performance of my wireless network???
  Thanks in advance for your help.

  Hi,
  The firmware is 4.2.112.0
  Thanks in advance for your help.

• Help, I am under attack.

  Today I have discovered some data in a database that makes me
  think that some is trying an sql injection attack on one of my
  websites.
  I use SP’s and Cfqueryparam to protect myself against
  this type of attack and as a general rule before doing anything I
  strip out all banned charters from in coming data. So I don’t
  have the original statement, but I do have code (without banned
  chars) in my database.
  I have captured the users IP address and looked it up as
  coming from Indonesia.
  I am now wonder what my next step should be.
  I am considering creating a banned IP table so that when a
  new user comes to my site I check the table, if their IP is in the
  table I will send them somewhere else. If the IP is a fixed address
  it will be permanently listed in my table, if not I will ban the IP
  for a short time to stop an immediate attack. It may also be worth
  pointing out that we don’t trade in Indonesia.
  I guess my questions are:
  Does this sound like a good idea or is there a better way?
  How can I tell if an IP is fixed or not?
  Has any one else come across this problem, if so how did you
  deal with it?

  nick010 wrote:
  > Today I have discovered some data in a database that
  makes me think that some
  > is trying an sql injection attack on one of my websites.
  >
  > I use SP?s and Cfqueryparam to protect myself against
  this type of attack and
  > as a general rule before doing anything I strip out all
  banned charters from in
  if you're using cfqueryparam religiously (are you?) &
  your website is still
  standing then i would imagine your current security is
  "effective". what makes
  you think you're under attack? have you seen malicious sql
  code?
  > I have captured the users IP address and looked it up as
  coming from
  > Indonesia.
  you might try geoLocator:
  http://www.sustainablegis.com/projects/geoLocator/
  to
  determine the country from their incoming IP & some other
  data we can squeeze
  out of their browser (correct >90%++ of the time). if he's
  the only user from
  indo, you can ban the whole country (as long as his IPs
  originate from there).
  be sure to update the inetAddressLocator.jar from:
  http://javainetlocator.sourceforge.net/
  don't recall if the zip file on my site has the latest jar.

• Cisco 7600 in MPLS

  Hello,
  1)
  I have a question regarding Cisco 7600/6500 ( sup720 exactely) in MPLS.
  I've read in documentation and also in some forum posts that "show mpls cef" is not MPLS aware command and should be used only for IP traffic. But still in some Cisco documents you can find that it is recommended on Cisco 7600/6500 for MPLS to use show mls cef instead of show ip cef (wether it is P or PE device in MPLS).
  Does anyone know what is true?
  2)
  Also when load balancing is involved in MPLS with Cisco 7600/6500 (sup720)
  P=======PE (P and PE are 7600 and there are two paralle link with the same cost between them).
  In documentation can be found that in MPLS, CEF is still in charge for load sharing (src-dst IP header based) except for hardware based platforms.
  Since 7600 is hardware based platform does it have some other load sharing method or it is also CEF based?
  Thanks in advance.
  Regards,
  A.

  Hi Prima,
  This question has been already answered several times and the answer is still the same :-) : it's not supported on 7600 platform due to hardware limitation.
  HTH
  Laurent.

• Configuring SYNCE/PTP on Cisco 7600 and Cisco MWR for NSN NodeB

  Hi to All,
  I would to ask for support on how i can establish the PTP between Cisco MWR 2941-DC and a NSN NodeB. The Cisco MWR is connected to a Cisco 7600 with SPA-2X1GE-SYNCE where the SSU/OSN clock is connected on the BITS ports. Hope you can assist me with the configurations.
  Thanks,
  Eugene

  Dear Genedeath,
    I have noticed that you posted this message since last year ..... have you ever been able to solve the case??
  I had a glance to the diagram and it looks quite similar to my case.
  I need to configure a Cisco MWR2941 for the very first time  in order to support SyncE for packet Abis between a NSN FlexyBSC and a NSN BTS.
  BTS---------------Gig x/y MWR Gig x/x-----------------------FlexyBSC
  I guess the source clock would be provided by BSC...
  Can you support me according to your experience ??
  thanks and regards!
  Mauro

• Cisco 7600 Series Ethernet Services cards types & queue values

  Hello,
  There is different types for the Cisco 7600 Series Ethernet Services cards.
  ( More expensive cards with high queue values and less expensive cards with
  low queue values.)
  http://www.cisco.com/en/US/prod/collateral/routers/ps368/data_sheet_c78-549419.html
  Hardware queues
  ES Plus XT 40G line cards
  • 128,000 ingress queues
  • 256,000 egress queues
  ES Plus XT 20G line cards
  *• 64,000 ingress queues*
  • 128,000 egress queues
  Hierarchical QoS (H-QoS)
  http://www.cisco.com/en/US/prod/collateral/routers/ps368/data_sheet_c78-570730.html
  Hardware queues
  Cisco 7600 Series ES Plus Transport 40G and 20G Line Cards
  *Supporting up to 16 level 4 queues per physical port*
  Hierarchical QoS (H-QoS)
  Low queue cards have got only 4 queues per physical port. High queue cards
  have got minimum 64.000 queue. This is very huge difference.  In what kind
  of scenario do we have to use the High queue cards ? Could you give some
  examples please ?  Kind Regards.
  Burak

  HI Burak,
  Each time you configure a class with bandwidth allocation or shaping,.. a queue will be used so if you use such card to provide QoS for a lot of subscribers sharing the same interface, you will need a lot of them !!
  HTH
  Laurent.

• Cisco 7600 Series (7603) Router Information

  Hello,
  Does anyone have a link or reference to a good description of the Cisco 7600 boot process and various memory heirarchy functions? I'm looking for information on what should be in NVRAM, FLASH, SUP-BOOTFLASH etc. Thank you.

  You can find all the 7600 series router info here.
  http://www.cisco.com/en/US/products/hw/routers/ps368/products_data_sheet0900aecd801c5cab.html
  http://www.cisco.com/en/US/products/hw/routers/ps368/prod_literature.html
  HTH,
  Sundar

• Cisco 7600, SCE8000, Etherchannel

  I have two Cisco 7600 and 4 Cisco SCE8000.
  I try connect two 7600 through etherchannel with sce.
  I read MGSCP design guide and configured src-ip load-balance on one 7600 and dst-ip on another 7600.
  I tested by test etherchannel load-balance command, IPs are use same interfaces on etherchannels.
  But I see all numbers of sessions on each SCE but not 1/4 of all sessions.
  What may be wrong in configuration?

  After I wrote to config Cisco SM command force_subscriber_on_one_sce=true and restarted SM, I have 100% control CPU utilization on SCE and high CPU utilization of SM server.

• Cisco 7600 MPLS and set Qos group

  Hi, i'm am trying to use to following class-maps and policy maps on a Cisco 7600. The same maps have been used on both 3700 series and 7200 series. However when i try to apply IP_TO_MPLS_OUT and MPLS_TO_IP_IN on the 7600 (with SUP32 and 48 port gigabit blade) i get a message on the console
  "set qos group" not supported.
  I used the QoS group to carry the MPLS EXP value (as label would is popped) and this works well.
  How can i get the QoS group to work on the 7600, if not is there a valid workaround?
  Many thanks for your help.
  policy-map IP_TO_MPLS_OUT
  class qosgrp5
  set mpls experimental topmost 5
  priority percent 10
  class qosgrp4
  bandwidth remaining percent 50
  set mpls experimental topmost 4
  class qosgrp2
  bandwidth remaining percent 20
  set mpls experimental topmost 2
  class class-default
  bandwidth remaining percent 30
  random-detect
  set mpls experimental topmost 1
  policy-map CE_OUT
  class qosgrp5
  set ip precedence 5
  class qosgrp4
  set ip precedence 4
  class qosgrp2
  set ip precedence 2
  policy-map MPLS_TO_IP_IN
  class MPLS_EXP5
  set qos-group 5
  class MPLS_EXP4
  set qos-group 4
  class MPLS_EXP2
  set qos-group 2

  Hi,
  I'm not aware that you can use qos groups on c7600 (LAN ports ?).
  For the MPLS_TO_IP direction you can use 'mpls propagate-cos' on the egress interface as workaround. This rewrites the egress IP ToS with the internal DSCP (which is inferred from the topmost MPLS label).
  For the IP_TO_MPLS direction you could just match on the original DSCP ?
  cheers,
  Stefan

• WLC Warning Message: Our AP is under attack

  Hi there,
  I receive this Warning message in WLC version 5.0:
  Warning: Our AP with Base Radio MAC 00:1f:6d:b9:48:d0 is under attack (contained) by another AP on radio type 802.11b/g
  So, what does it means? Can someone explain..Great Thanks.

  I am getting the same message, but I've not been able to diagnose the issue yet.
  It seems that the AP is being contained by another wireless system. However, there is no information that I can find to indicate what is "attacking" or "containing" the AP.

• Viewing MAX-reseved-bandwidth on Cisco 7600 router

  Hi everybody
  I have been searching a command that will shows us the max-reseved bandwidth ( In the context of QOS) on cisco 7600. 
  I appreciate your help
  Thanks
  ciscoR1#show version
  Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.1(3)S5, RELEASE SOFTWARE (fc2)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Tue 12-Feb-13 13:17 by prod_rel_team
  ROM: System Bootstrap, Version 12.2(33r)SRD5, RELEASE SOFTWARE (fc1)
  BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.1(3)S5, RELEASE SOFTWARE (fc2)

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  I'm uncertain, but on a 7600 with 15.x IOS, it's likely QoS is following the HQF changes, and if so, max-reserved-bandwidth has really been deprecated.

• Catalyst 6500/Cisco 7600 MIB's

  Could anyone tell me all MIB's I need to manage a Catalyst 6500/Cisco 7600? Or better, do you know any documents where I could find this information?
  Thanks for your help.

  You can get all these MIBs from http://www.cisco.com/public/mibs
  As for what MIBs you need, it depends on what you're trying to poll.

• Port Analizer Port gigabit cisco 7600 SIP-400 SPA-5X1GE-V2

  Hi,
  I have a Wan LINK  (Layer 3), so I want to check if there are retransmissions in this link.
  Do you know if there is a way that a can do SPAN on a GigabitEthernet Port on SPA-5X1GE-V2 (Cisco 7600 Platform)
  I tried but i got this error:
  R(config)#monitor session 10 source int GigabitEthernet 4/0/0
  % Interface(s) Gi4/0/0 not supported as monitor source(s) on this platform
  Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.1(2)S, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
    4    0  4-subslot SPA Interface Processor-400  7600-SIP-400      
    5    2  Route Switch Processor 720 (Active)    RSP720-3CXL-GE
   4/0 5xGE SPA                    SPA-5X1GE-V2     
  thanks for the Help.

  Hi,
  Does anyone have any suggestions?

• Suspect network under attack by icmp

  All
  I am now supect that the pix is under high volume of ping, as if i disable the ping from outside world on wan router, the performace of the network is improved.
  Does PIX can do with some control on if under icmp attack can temp limit or drop the packet from inside and outside world.
  so that the inside affected client and attack from outside world can be prevent.
  tks all

  HI .. you could try enabling the ips built-in signtures supported by the PIX. These are used to protect against common attacks.
  " Cisco PIX Firewall includes an IP-only intrusion detection feature. It provides visibility at
  network perimeters or for locations where additional security between network segments is
  required.
  The PIX IDS identifies more than 53 common attacks using signatures to detect patterns of
  misuse in network traffic. Traffic passing through the PIX Firewall can be identified to be
  audited, logged, and/or dropped.
  After it is configured, the IDS feature watches packets and sessions as they flow through the
  firewall, scanning each for a match with any of the IDS signatures. When suspicious activity
  is detected, the PIX Firewall responds immediately and can be configured to do the following:
  1. Send an alarm to a syslog server.
  2. Drop the packet.
  3. Reset the TCP connection. "
  I suggest you check the command reference for the use of ip audit command !!!
  I hope it helps .. please rate it if it does !!!