No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR Serials Router Receives Malice Attack and CPU is Fully Used

Publication Date:  2012-07-27 Views:  97 Downloads:  0

Issue Description

AR serials router receives malice attack and CPU utilization reaches100%.

Alarm Information

Check fast forwarding table with display ip fast-forwarding cache command and find many packets of 445 port:
561:0  3816   445   6  Ethernet1  Ethernet1  1
561:1  1239   445   6  Ethernet1  Ethernet1  1
561:2  4879   445   6  Ethernet1  Ethernet1  1
561:3  3029   445   6  Ethernet1  Ethernet1  1

Handling Process

Define ACL filter rule:
acl number 3003
rule  deny tcp source any destination any destination-port eq 445
rule  deny udp source any destination any destination-port eq 445
Apply on uplink interface and downlink interface of AR router:
interface eth 0/1
firewall pacaket-filter 3001 inbound
interface eth 0/1
firewall pacaket-filter 3001 inbound

CPU utilization of the router reduces within normal range.

Root Cause

Virus attack results in that many  abnormal packets are sent to CPU and CPU utilization is high.


AR router should configure anti-virus ACL.