[mrtg] Re: Outgoing data on a link
Paul C. Williamson
pwilliamson at mandtbank.com
Thu Jan 10 20:42:44 MET 2002
A few points here...
I had the exact same thing happen. One indication that something was screwy
was there was no corresponding input on the router. It turns out that our ISP was broadcast our router as a valid BGP router. So, apparently, every so often, there were small queries coming in to the router that were causing
MASSIVE data dumps, lasting 2 or more hours some times. I brought it to
their attention, and as soon as a I mentioned it, the problem went away.
So check to see if there is an equal amount of data coming in to the router.
If it is, then I would think hacker. If not, I would think someone is either
trying to hack you by getting arp tables or some other kind of cache...
Paul
>>> "Alejandro Cabrera Obed" <sisdis at tournet.com.ar> 01/10/02 02:35PM >>>
Hi everybody:
I have set the MRTG in one of my routers (Cisco 1600); the link has a
capacity of 128 Kbps. The measure of the serial interface's traffic on the
graphic tell me that there are a lot of output data (blue color in the
graphic) for periods of two or three hours once a day during a week
aproximateley.
This is an indicative that there is a service running on any computer of the
LAN that put out data to the Internet, for example FTP. But the problem is
that none of the computers make an FTP connection to the Internet (put data)
and I was thinking in an orifice in any host managed by a hacker who take
data from my network.....how can I prove that ????
Thanks a lot !!!!
Regards.
Alejandro Cabrera Obed
E-mail: sisdis at tournet.com.ar
ICQ#95838645
Bs. As. - Argentina
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the mrtg
mailing list