yurisk.info » Cisco

Meet the Cisco IPS sensor 4200 series, episode 1 – Initial configuration

Yuri — Sun, 25 Sep 2011 17:20:58 +0000

Some great products get unfair treatment for unclear reasons. One such gear is Cisco IPS sensor 4200 appliance, that while doing its job doesn’t get much attention, fame and even worse proper relation on Cisco.com documentation site. The documentation exists but scarce , examples of configuration – close to none, screenshots – go find. You got the picture – and here comes my humble effort to introduce the sensor to wider audience of this website.
First is the initial configuration using the console. The software used is 6.1 , sensor hardware is IPS 4235 . I am doing the config NOT running built-in #setup dialog.
Enjoy and have a nice day.
Yuri

Archive IOS running configuration automatically for possible rollback

Yuri — Fri, 23 Sep 2011 18:56:22 +0000

Here is a feature that will save you time and frustration in many possible scenarios – especially when managing Cisco routers in multi-user environment. Once enabled archiving saves periodically copy of the running configuration of IOS router to the flash or remote server. So
next time something stops working after changes and you don’t know which one caused this – just revert back to the working configuration that is readily available.

Configure DVTI hairpinning on Cisco router for safe browsing

Yuri — Sat, 13 Aug 2011 08:29:06 +0000

guten Tag everyone, today i am posting the video showing how to configure Dynamic Virtual Tunnel Interface (DVTI) on Cisco IOS router. DVTI for remote access has been available for a long time already and actually comes to gradually replace the old way of dynamic crypto maps, but as always people are hard to get out of the rut so mainly this great feature goes unnoticed.
In this specific setup I am using DVTI for hairpinning – i.e. I will connect using CIsco VPN client to the router and will tunnel ALL of my traffic through this connection, no split tunnel.
The main benefit of DVTI here is that using DVTI interface I can assign it ip nat inside and router will take care of NAT translating my traffic when sending it clear text to the Internet.
Enjoy
As always you can watch all my videos on Vimeo – vimeo.com/yurisk.info, also you can download there videos as files.
Reference on Cisco: DVTI on CIsco.com

Encrypting preshared keys stored on the cisco IOS router

Yuri — Fri, 15 Jul 2011 08:37:19 +0000

You never know where your router may end up . It may be RMA’ed without proper wiping the configuration first, it may be plain simple stolen. In any of these or other unfortunate cases the last thing you would want is for the attacker get passwords or other security information stored on the router.
One piece of such information is preshared key(s) , that by default are stored in clear text.
To address this potential threat Cisco, starting IOS 12.3, provide AES encryption feature on IOS routers to encrypt the stored preshared keys. In video below I recorded you can see the walkthrough to enable and manage this security feature.
Enjoy. As always suggestions, critics, comments are welcome .
NB – Narration is in English.

Cisco – how to schedule an unattended reload with EEM

Yuri — Wed, 22 Jun 2011 18:34:06 +0000

Good evening everyone,
Today a colleague of mine asked if I had a ready-to-use template to schedule a reload of Cisco IOS router .
- “Of course, piece of cake, there should be millions of hits on it in Google” , was my thought. So, after 30 minutes of searching the mighty G and being surprised to have found nothing I dragged from my notes this recipe dated 2007 but still valid as ever.
Enjoy.
NB Word of warning to those trying to do it with built in KRON service of IOS – rebooting a router requires to answer “yes” at the CLI prompt and therefore will NOT work with KRON, only EEM can do it.
IOS used and tested – IOS 12.4T

conf t
Edge(config)#event manager applet ReloadMe
Edge(config-applet)#event timer cron name ReloadMe cron-entry “05 09 * * *”
Edge(config-applet)#action 33 reload
wr mem

This will reload router every day at 09:05, for other formats see man page for cron in Linux

sh run
….
event manager applet ReloadMe
event timer cron name ReloadMe cron-entry “05 09 * * *”
action 33 reload

How to separate inbound and outbound data graphs in Nfsen Netflow tool

Yuri — Mon, 28 Mar 2011 06:39:28 +0000

As I said already ( here and here ) for gathering Netflow data, especially with security in mind, I deem Nfsen/nfdump to be the best. And with some easy 2-minutes tweaking I can always make it do exactly what I want.
By default when you configure Cisco to export both ingress and egress Netflow data from the interface Nfdump/Nfsen will accept and process it fine BUT … will show it on the same timeline with the same color and so overlapping over each other. That means you will see only the largest values. To fix it you create additional (from Live) profile with separate Channels, each representing direction of the traffic – inbound or outbound. Then for each channel you set appropriate filter – IN for incoming traffic , OUT for outgoing traffic (all respective to the interface being monitored), followed by SNMP ifIndex of the interface in the router. Picture is worth 1024 words they say , so see below screenshots how I did it for one of my clients.

Nfsen custom profile with channels

Cisco Netflow performance data

Yuri — Sun, 13 Mar 2011 10:45:06 +0000

Not much of a post but link to the Cisco site stating how much Netflow loads the Cisco routers:
Netflow data sheet
I, personally, do a lot of Netflow monitoring and can say that on unloaded routers , passing 2-5 mbits/sec of traffic, the additional load will be some 1-2% of CPU cycles. For the most loaded pair of routers I do monitoring for , two Cisco 2800 passing about 70 Mbits/sec of traffic and creating about 900 Mbytes of Netflow data a day each, enabling Netflow added 8% of CPU load and they cope with it perfectly well.

My Amazon book list for CCIE Security Lab exam

Yuri — Fri, 18 Feb 2011 11:24:40 +0000

Not limited to CCIE Security Lab only, of course, here is the list of books I find really useful in preparing for the Lab .
Amazon Listmania list

Cisco ASA 5500 Series Content Security and Control Security Services Module or just CSC-SSM and how it looks

Yuri — Thu, 17 Feb 2011 08:11:47 +0000

While the reason for me getting involved with this ASA 5510 module is of less interest (client was getting notification message ” LogServer has recently stopped on InterScan for CSC SSM” , more about that at the end of the post) , the module itself looks cute , so I bring here some output to give you a taste what it is.
- General status of the module from ASA CLI prompt.

See that some traffic actually gets redirected to the module.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class global-class
csc fail-open

#show service-policy

Class-map: global-class
CSC: packet sent 324010194
CSC: packet received 359600712

# show module 1 det

Getting details from the Service Module, please wait…
ASA 5500 Series Content Security Services Module-10
Model: ASA-SSM-CSC-10-K9
Hardware version: 1.0
Serial Number: JAF777777
Firmware version: 1.0(11)5
Software version: CSC SSM 6.3.1172.4
MAC Address Range: c333.7333.b333 to c333.7333.b333
App. name: CSC SSM
App. Status: Up
App. Status Desc: CSC SSM scan services are available
App. version: 6.3.1172.4
Data plane Status: Up
Status: Up
HTTP Service: Up
Mail Service: Up
FTP Service: Up
Activated: Yes
Mgmt IP addr: 192.168.21.119
Mgmt web port: 8443

# show module all

Mod Card Type Model Serial No.
— ——————————————– —————— ———–
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX333333
1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10-K9 JAF333333

Mod MAC Address Range Hw Version Fw Version Sw Version
— ——————————— ———— ———— —————
0 3333.3333.3333 to 3333.3333.3333 2.0 1.0(11)5 8.2(3)
1 3333.3333.3333 to 3333.3333.3333 1.0 1.0(11)5 CSC SSM 6.3.1172.4

Mod SSM Application Name Status SSM Application Version
— —————————— —————- ————————–
1 CSC SSM Up 6.3.1172.4

Mod Status Data Plane Status Compatibility
— —————— ——————— ————-
0 Up Sys Not Applicable
1 Up Up

- Now let’s enter the module itself

# session 1

Opening command session with slot 1.
Connected to slot 1. Escape character sequence is ‘CTRL-^X’.

login: cisco
Password:
***NOTICE***
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.
Trend Micro InterScan for Cisco CSC SSM Setup Main Menu
———————————————————————

1. Network Settings
2. Date/Time Settings
3. Product Information
4. Service Status
5. Password Management
6. Restore Factory Default Settings
7. Troubleshooting Tools
8. Reset Management Port Access Control List
9. Ping
10. Exit …

Enter a number from [1-10]:

- Are all services are actually running ?
Enter a number from [1-10]: 4

Service Status
———————————————————————

The CSC SSM RegServer service is running
The CSC SSM URLFD service is running
The CSC SSM ScanServer service is running
The CSC SSM HTTP service is running
The CSC SSM FTP service is running
The CSC SSM Notification service is running
The CSC SSM Mail service is running
The CSC SSM GUI service is running
The CSC SSM SysMonitor service is running
The CSC SSM Failoverd service is running
The CSC SSM LogServer service is running
The CSC SSM SyslogAdaptor service is running
The CSC SSM Syslog-ng service is running
The CSC SSM TMCM-Agent service is not enabled
- Troubleshooting information is rather overwhelming

Enter a number from [1-7]: 2

Troubleshooting Tools – Show System Information
———————————————————————

1. Show System Information on Screen
2. Upload System Information
3. Return to Troubleshooting Tools Menu

Enter a number [1-3]: 1
++++++++++++++++++++++
Thu Feb 17 08:04:17 IST 2011 (2)

System is : Up

#@ Product Information
Trend Micro InterScan for Cisco CSC SSM
Version: 6.3.1172.4
Upgrade History: 6.3.1172.4
Engineering Build:
SSM Model: SSM-10
SSM S/N: JAF7777777

#@ Scan Engine and Pattern Information
Virus Scan Engine: 9.2.1012 (Updated: 2010-10-14 07:51:11)
Virus Pattern: 7.841.00 (Updated: 2011-02-17 05:51:23)
Spyware/Grayware Pattern: 1.151.00 (Updated: 2011-02-17 06:51:20)
AntiSpam Engine: 6.5.1024 (Updated: 2010-10-14 07:51:54)
AntiSpam Rule: 17960 (Updated: 2011-02-16 16:53:55)
IntelliTrap Pattern: 0.151.00 (Updated: 2011-02-01 09:07:20)
IntelliTrap Exception Pattern: 0.631.00 (Updated: 2011-02-15 08:51:15)

#@ License Information
Product:Base License
License profile host info check OK.
Version:Standard
Activation Code:PX-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Seats:000100
Status:Activated
Expiration date:10/6/2011
Product:Plus License
License profile host info check OK.
Version:Standard
Activation Code:PX-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Status:Activated
Expiration date:10/6/2011

Daily Node Count: 221
Current Node Count: 85

#@ Kernel Information
Linux ssm 2.6.17.8 #13 PREEMPT Fri Nov 6 06:32:00 PST 2009 i686 unknown

ASDP Driver 1.1(0) is UP:
Total Connection Records: 159623
Connection Records in Use: 156
Free Connection Records: 159467

—— Shared Memory Segments ——–
key shmid owner perms bytes nattch status
0×00003186 4653056 root 666 2621440 1
0×00000000 4456449 root 600 16 2 dest
0×00000000 4620290 root 600 1000000 1 dest
0×00000000 4685827 root 600 1048576 1 dest
0×00000000 4718596 root 600 1048576 1 dest
0×00000000 4325381 isvw 600 24632 22 dest

—— Semaphore Arrays ——–
key semid owner perms nsems
0x000207fb 0 root 777 2
0×00020823 32769 root 777 2
0×00020802 65538 root 777 2
0x000207db 98307 root 777 2
0x00020fa1 131076 root 777 2
0x9abbcf71 1277957 root 660 2
0x325cb3f2 1310726 root 660 2
0x000207d3 229383 root 777 2
0x9abbceae 262152 root 660 2
0x001503cf 327689 root 777 2
0x929c6e9c 360458 isvw 660 2
0x0012040e 393227 isvw 777 2
0x000e039b 425996 isvw 777 2
0×00020863 458765 isvw 777 2
0x00020fe4 1048590 root 777 2

—— Message Queues ——–
key msqid owner perms used-bytes messages

#@ Disk Information
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/hda2 223843 166878 45407 79% /mnt/rw
/dev/hda2 223843 166878 45407 79% /dev
/dev/hda2 223843 166878 45407 79% /etc
/dev/hda2 223843 166878 45407 79% /home
/dev/hda2 223843 166878 45407 79% /lib/modules
/dev/hda2 223843 166878 45407 79% /opt
none 256000 0 256000 0% /opt/trend/isvw/temp
none 50176 22844 27332 46% /opt/trend/isvw/log
none 4096 0 4096 0% /opt/trend/isvw/quarantine
none 5120 0 5120 0% /opt/trend/isvw/queue
none 103424 4912 98512 5% /opt/trend/isvw/tmpfs
none 101376 18032 83344 18% /opt/trend/isvw/lib/mail/cache
none 100352 0 100352 0% /coredump
none 8192 180 8012 2% /var
/dev/boot 19067 8401 9682 46% /boot
none 205824 40 205784 0% /tmp
Filesystem Inodes Used Available Use% Mounted on
/dev/hda2 58000 2503 55497 4% /mnt/rw
/dev/hda2 58000 2503 55497 4% /dev
/dev/hda2 58000 2503 55497 4% /etc
/dev/hda2 58000 2503 55497 4% /home
/dev/hda2 58000 2503 55497 4% /lib/modules
/dev/hda2 58000 2503 55497 4% /opt
none 126902 5 126897 0% /opt/trend/isvw/temp
none 126902 36 126866 0% /opt/trend/isvw/log
none 126902 9 126893 0% /opt/trend/isvw/quarantine
none 126902 11 126891 0% /opt/trend/isvw/queue
none 126902 58 126844 0% /opt/trend/isvw/tmpfs
none 126902 21 126881 0% /opt/trend/isvw/lib/mail/cache
none 126902 1 126901 0% /coredump
none 126902 71 126831 0% /var
/dev/boot 4944 25 4919 1% /boot
none 126902 12 126890 0% /tmp

# Detail file listing:

#@ File Descriptor Information
file: 829 0 98926
inode: 7949 0

#@ Memory Information
# Detail (meminfo):
MemTotal: 1015216 kB
MemFree: 451272 kB
Buffers: 12344 kB
Cached: 233652 kB
SwapCached: 0 kB
Active: 421388 kB
Inactive: 113212 kB
HighTotal: 131072 kB
HighFree: 240 kB
LowTotal: 884144 kB
LowFree: 451032 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 24 kB
Writeback: 0 kB
Mapped: 318252 kB
Slab: 22296 kB
CommitLimit: 507608 kB
Committed_AS: 2035636 kB
PageTables: 3396 kB
VmallocTotal: 114680 kB
VmallocUsed: 1812 kB
VmallocChunk: 112736 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
Hugepagesize: 4096 kB

# Reported to ASDM:
mem_unknown=61440
mem_cached=233644
mem_total=1015216
mem_est_free=591156
mem_buffers=12344
mem_free=452608
mem_used=424060
mem_tmpfs=46000

#@ Process Information
top – 08:04:18 up 8 days, 11:49, 1 user, load average: 0.08, 0.07, 0.03
Tasks: 68 total, 2 running, 65 sleeping, 0 stopped, 1 zombie
Cpu(s): 0.5%us, 1.9%sy, 2.2%ni, 93.5%id, 0.1%wa, 0.0%hi, 1.8%si, 0.0%st
Mem: 1015216k total, 563944k used, 451272k free, 12344k buffers
Swap: 0k total, 0k used, 0k free, 233652k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
10541 root 20 5 697m 85m 5528 S 11.8 8.7 1:02.42 iwss-process
8125 isvw 16 0 2992 1276 1108 S 3.9 0.1 74:01.21 sysmonitor
1 root 16 0 2364 520 444 S 0.0 0.1 0:01.28 init
2 root 34 19 0 0 0 R 0.0 0.0 0:01.34 ksoftirqd/0
3 root 10 -5 0 0 0 S 0.0 0.0 0:00.11 events/0
4 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 khelper
5 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kthread
7 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
8 root 20 -5 0 0 0 S 0.0 0.0 0:00.00 kseriod
67 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
69 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
70 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0
205 root 11 -5 0 0 0 S 0.0 0.0 0:10.24 kjournald
7718 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 kjournald
7965 root 23 5 11244 5524 1164 S 0.0 0.5 0:00.39 urlfd
7967 isvw 16 0 26060 3596 2024 S 0.0 0.4 0:30.17 regserver
8040 root 16 0 2364 572 484 S 0.0 0.1 0:00.17 crond
8066 root 16 0 2372 588 504 S 0.0 0.1 0:00.01 getty
8069 root 17 0 2368 584 504 S 0.0 0.1 0:00.00 getty
8072 root 16 0 2368 588 508 S 0.0 0.1 0:00.00 getty
8077 root 16 0 2368 596 508 S 0.0 0.1 0:00.00 klogd
8078 root 0 -20 52456 1316 1056 S 0.0 0.1 0:15.75 servmod
8079 root 16 0 2080 988 824 S 0.0 0.1 0:00.02 bash
8118 root 16 0 2048 952 820 S 0.0 0.1 0:00.00 issyslog
8124 root 16 0 2368 716 596 S 0.0 0.1 0:03.36 top2ini
8127 root 21 0 3764 1396 1200 S 0.0 0.1 0:00.20 sshd
8128 root 15 0 2368 564 476 S 0.0 0.1 0:08.42 telnetd
8143 root 16 0 3144 1440 1092 S 0.0 0.1 0:01.23 issyslog.exe
8147 root 16 0 1652 528 444 S 0.0 0.1 0:00.20 vmstat
8213 root 16 0 9448 1132 932 S 0.0 0.1 0:00.13 failoverd
8237 root 15 0 1760 764 588 S 0.0 0.1 0:00.15 syslog-ng
8262 isvw 21 0 383m 112m 17m S 0.0 11.3 1:15.03 java
10404 isvw 16 0 0 0 0 Z 0.0 0.0 0:00.00 cat
23838 root 16 0 13564 2256 1832 S 0.0 0.2 0:00.02 isdelvd
23975 root 20 5 52700 35m 6132 S 0.0 3.6 0:08.88 imssd
24041 root 20 5 52700 32m 3024 S 0.0 3.3 0:00.04 imssd
24042 isvw 20 5 53280 35m 5644 S 0.0 3.6 0:00.77 imssd
24043 isvw 20 5 53216 35m 5680 S 0.0 3.6 0:00.74 imssd
24044 isvw 20 5 53152 35m 5564 S 0.0 3.6 0:00.69 imssd
24045 isvw 20 5 53332 35m 5708 S 0.0 3.6 0:00.95 imssd
24046 isvw 20 5 53244 35m 5728 S 0.0 3.6 0:01.09 imssd
24047 isvw 20 5 53280 35m 5672 S 0.0 3.6 0:01.02 imssd
24048 isvw 20 5 53152 35m 5636 S 0.0 3.6 0:00.69 imssd
24049 isvw 20 5 53280 35m 5672 S 0.0 3.6 0:01.15 imssd
24050 isvw 20 5 53152 35m 5636 S 0.0 3.6 0:00.94 imssd
24051 isvw 20 5 53152 35m 5608 S 0.0 3.6 0:00.77 imssd
24052 isvw 20 5 53328 35m 5716 S 0.0 3.6 0:01.06 imssd
24053 isvw 20 5 53152 35m 5680 S 0.0 3.6 0:01.03 imssd
24054 isvw 20 5 53244 35m 5720 S 0.0 3.6 0:00.93 imssd
24055 isvw 20 5 53292 35m 5624 S 0.0 3.6 0:00.76 imssd
24056 isvw 20 5 53252 35m 5684 S 0.0 3.6 0:00.79 imssd
24057 isvw 20 5 53284 35m 5736 S 0.0 3.6 0:00.83 imssd
24058 isvw 20 5 53152 35m 5608 S 0.0 3.6 0:00.69 imssd
24059 isvw 20 5 53152 35m 5640 S 0.0 3.6 0:00.87 imssd
24060 isvw 20 5 53292 35m 5624 S 0.0 3.6 0:00.84 imssd
24061 isvw 20 5 53152 35m 5616 S 0.0 3.6 0:00.97 imssd
25989 isvw 25 0 7676 1432 928 S 0.0 0.1 0:00.01 tmlogserv
8575 root 21 5 22812 2776 2312 S 0.0 0.3 0:00.00 isftpd
8585 root 21 5 35308 3360 2580 S 0.0 0.3 0:00.66 isftpd
10351 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
10476 root 20 5 53824 48m 3804 S 0.0 4.9 0:01.63 scanserver
12539 root 15 0 2072 928 676 S 0.0 0.1 0:00.00 login
12569 root 16 0 2912 1884 868 S 0.0 0.2 0:00.82 setup.bin
14363 root 16 0 2212 1128 832 S 0.0 0.1 0:00.00 sh
14364 root 16 0 2368 452 380 S 0.0 0.0 0:00.00 more
14365 root 24 0 2268 752 400 S 0.0 0.1 0:00.00 sh
14491 root 24 0 2268 692 340 S 0.0 0.1 0:00.00 sh
14492 root 21 0 1992 836 652 R 0.0 0.1 0:00.00 top

#@ Hardware Information
SSM-IPS10-K9
field 0×00 type 0×0040 CONTROLLER TYPE 1177
field 0×01 type 0×0041 HW REV 1.0
field 0×02 type 0x00CB PID ASA-SSM-CSC-10-K9
field 0×03 type 0×0089 VID V02
field 0×04 type 0×0087 TOP 68 LEVEL PN 22-444-02
field 0×05 type 0×0082 PCB 73 LEVEL PN 22-444-02
field 0×06 type 0×0042 PCB REV 65.48
field 0×07 type 0x00C1 PCB SN JAF7777777
field 0×08 type 0x00C2 CHASSIS SN JAF7777777
field 0×09 type 0×0088 NEW DEVIATION NUM 00000000
field 0x0A type 0x00C4 MFG TEST INFO 0000000000000000
field 0x0B type 0×0081 RMA NUM 00000000
field 0x0C type 0×0004 RMA HIST INFO 00
field 0x0D type 0x00C6 CLEI CODES COUCAB5CAB
field 0x0E type 0x00DA DESC ASA 5500 Series Content Security Services Module-10
field 0x0F type 0x00C3 CHASSIS MAC ADDR C8:4C:33:33:33:03
field 0×10 type 0×0043 MAC ADDR_BLK SZ 1
field 0×11 type 0x008C UNKNOWN TYPE 01000B05

#@ Ethernet Interface Information
cisco_asd Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP MTU:1496 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

dummy0 Link encap:Ethernet HWaddr 0E:66:36:3C:B8:59
BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth0 Link encap:Ethernet HWaddr 00:00:00:02:00:02
UP BROADCAST RUNNING MULTICAST MTU:1796 Metric:1
RX packets:219824061 errors:0 dropped:0 overruns:0 frame:0
TX packets:239771533 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2266716309 (2.1 GiB) TX bytes:2448412682 (2.2 GiB)
Base address:0xcc00 Memory:f8100000-f8120000

eth1 Link encap:Ethernet HWaddr C8:4C:33:33:33:03
inet addr:192.168.21.119 Bcast:192.168.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7022387 errors:0 dropped:0 overruns:0 frame:0
TX packets:2435439 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1155121379 (1.0 GiB) TX bytes:510057499 (486.4 MiB)
Base address:0xbc00 Memory:f8200000-f8220000

eth2 Link encap:Ethernet HWaddr 00:00:00:02:00:01
inet addr:127.0.2.1 Bcast:127.0.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:757828 errors:0 dropped:0 overruns:0 frame:0
TX packets:196896 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:84163835 (80.2 MiB) TX bytes:18269211 (17.4 MiB)
Interrupt:169 Memory:f8300000-f8300fff

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:116078 errors:0 dropped:0 overruns:0 frame:0
TX packets:116078 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14822499 (14.1 MiB) TX bytes:14822499 (14.1 MiB)

#@ Connection Information
sockets: used 271
TCP: inuse 231 orphan 2 tw 395 alloc 233 mem 40
UDP: inuse 2
RAW: inuse 0
FRAG: inuse 0 memory 0

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5060 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1812 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:65014 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
udp 0 0 127.0.0.1:32792 0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 11391777 /var/run/isvw/sshttp.sock
unix 2 [ ACC ] STREAM LISTENING 11391785 /var/run/isvw/ssptnupdt.sock
unix 2 [ ACC ] STREAM LISTENING 11391778 /var/run/isvw/ssftp.sock
unix 2 [ ACC ] STREAM LISTENING 11391779 /var/run/isvw/sssmtp.sock
unix 2 [ ACC ] STREAM LISTENING 11391780 /var/run/isvw/sspop3.sock
unix 2 [ ACC ] STREAM LISTENING 11391781 /var/run/isvw/ssfiletype.sock
unix 2 [ ACC ] STREAM LISTENING 11253560 /dev/log
unix 3 [ ACC ] STREAM LISTENING 2257 /var/run/log.sock
unix 2 [ ACC ] STREAM LISTENING 2259 /var/run/log.sock2
unix 2 [ ACC ] STREAM LISTENING 1530 /var/run/urlf.sock

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 209.26.19.126:80 192.168.1.31:42573 TIME_WAIT
tcp 0 0 194.18.243.10:80 192.168.2.54:4818 FIN_WAIT2
tcp 0 0 134.11.14.127:80 192.168.1.125:3274 TIME_WAIT
tcp 0 0 150.127.24.146:80 192.168.2.54:4840 FIN_WAIT2

References:
Product data sheet – CSC module datasheet

And about error message – it is a known bug that will be fixed in the next release of the firmware for the module . Still, I opened the ticket with TAC and they provided interim patch to take care of this restartin gLogServer service. Also , they (Cisco) say it is harmless bug not causing any outage.

CCIE Security travel diaries are here

Yuri — Sat, 25 Dec 2010 13:02:41 +0000

Bonjour à tous , as they say in Brussels (sorry – Bruxelles) .

I started a new blog about preparing/thinking/sweating/labbing for/about/for/in Cisco CCIE Security Lab exam. You are welcome to read it here : ccie-security-blog.com. The first post is titled “Tips on how to fail your CCIE Security Lab exam” and summarizes my first attempt I took in November in Brussels.

Also it inevitable means I will post less and less here , about Checkpoint, so bear with me until I attain this coveted badge, CCIE Security Expert.

Cheers,

Happy New Year everyone!