Cisco 4006 worm

How can I detect if my Cisco 4006 switch is infected with a worm/virus? Because it is dead slow. Thanks.


They don't have worms; worms are in your network. Please check CPU and utilization. Disconnect every cable from your network and plug them back in one by one, OR try to deny some networks and try to figure out which network is making the 4006 so slow.

Fer Mtz

It is quite unlikely that a worm or virus has infected your 4006 itself. I have a vague memory that some group was able to drop code into a couple of kinds of IOS devices, but that would have been at least 6 years ago, probably longer, and only applied to a few devices (different models use different processors), was relatively easily defended against, and would have been patched long ago.

It is, though, entirely possible that something in your network has been infected and your network is being flooded with outgoing attempts to infect other things. You can track that sort of activity by setting up a syslog server and adding "log" modifiers to your ACL entries (use permit ip any any log if you want to permit all traffic through.) Alternately, try enabling "ip accounting"; then "show ip accounting" can show you summaries of where the traffic is going.

(I'm presuming here that your 4006 has a routing card in it, not just acting as a true layer 2 switch.)

For really detailed accounting, you -might- be able to enable "netflow", but you probably don't have a netflow analyzer available, and I suspect your 4006 doesn't support netflow.

Walter Roberson
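
One way to act on the ACL "log" suggestion above, as an added example that is not part of the original thread: a Python script that reads the syslog lines IOS writes for logged ACL entries (%SEC-6-IPACCESSLOGP) and lists hosts contacting many different destinations on one port, the pattern an infected machine produces. The sample log lines, the addresses, and the `min_dests` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the IOS ACL log message for TCP/UDP hits, e.g.
#   %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.5(1025) -> 192.0.2.10(445), 1 packet
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def summarize(lines):
    """Per source: total packets, and distinct destinations per (proto, dport)."""
    packets = defaultdict(int)
    fanout = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = ACL_LOG.search(line)
        if not m:
            continue  # not a TCP/UDP ACL hit; ignore other syslog messages
        src = m["src"]
        packets[src] += int(m["pkts"])
        fanout[src][(m["proto"], int(m["dport"]))].add(m["dst"])
    return packets, fanout

def suspects(lines, min_dests=4):
    """Sources reaching >= min_dests distinct hosts on one port, worst first."""
    packets, fanout = summarize(lines)
    hits = []
    for src, ports in fanout.items():
        (proto, dport), dests = max(ports.items(), key=lambda kv: len(kv[1]))
        if len(dests) >= min_dests:
            hits.append((src, proto, dport, len(dests), packets[src]))
    return sorted(hits, key=lambda h: (-h[3], -h[4]))

# Constructed sample: one ordinary web client, one host sweeping tcp/445.
SAMPLE = [
    "Mar  1 10:00:01 gw 45: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.10.5(3312) -> 192.0.2.10(80), 1 packet",
    "Mar  1 10:00:02 gw 46: %SYS-5-CONFIG_I: Configured from console by vty0",
    "Mar  1 10:05:01 gw 47: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.10.5(3312) -> 192.0.2.10(80), 12 packets",
] + [
    f"Mar  1 10:00:0{i} gw {50 + i}: %SEC-6-IPACCESSLOGP: list 101 permitted tcp "
    f"10.1.20.37({2000 + i}) -> 198.51.100.{i}(445), 1 packet"
    for i in range(1, 7)
]

if __name__ == "__main__":
    for src, proto, dport, ndest, pkts in suspects(SAMPLE):
        print(f"{src}: {ndest} destinations on {proto}/{dport}, {pkts} packets logged")
```
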

On a Catalyst 4006 switch on which you have installed one or more WS-X4148-RJ45V modules, the typical utilization is higher:


Brad Reese Cisco Repair



"show proc cpu" is probably a good start. I don't know if the 4006 runs IOS, but if yours does then try "show proc cpu sort".


Sam Wilson