cisco 7200 performance issue

[Luciano Z <user_luciano () yahoo com br>]

Hi!

I was responding an incident last night and saw a
strange performance problem with a cisco 7200.

When I issued a "sh interface" on the two fast
ethernets of my box it was show that I got only 6Mbps
traffic and normal packet per second rate but when I
"sh logg" the box I got a lot of
"%RCMD-4-RSHPORTATTEMPT: Attempted to connect to
RSHELL from x.y.z.w" messages with spoofed sources.

Investigating a little more I discovered that this
traffic was pushing the CPU to 98% to 100% of
utilization. Back to the output of "sh logg" I saw
that the box was logging 2 to 3 RSHELL messages per
second. In my opinion this coulnd´t affect the CPU so
much. The router have 256M of RAM and it´s a 7200!

I coulnd´t gather more info about this incident
because it stopped before I could get the data. The
strange thing it´s that the high CPU utilization
stopped too.

I don´t know if this is a problem of this cisco model
or if I´m missing something. Any ideias?

[]
lwulff

_______________________________________________________________________
Yahoo! Mail
O melhor e-mail gratuito da internet: 6MB de espaço, antivírus, acesso POP3, filtro contra spam. 
http://br.mail.yahoo.com/

----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------