Today I detected that Cisco ASA 5505 CPU utilization went to 100% and the LAN was flooded with broadcast (ff:ff:ff:ff:ff) going to the 10.0.12.255 address. I observed all this activity in Wireshark, so something unusual was happening.
I jumped on the firewall (Cisco ASA) and did show conn,
where I found the following:
ASA(config)# show conn
1946 in use, 50002 most used
UDP eng 10.0.12.255:44678 inside 10.0.10.92:59654, idle 0:00:00, bytes 21657163800, flags -
ICMP eng 10.0.12.255:0 inside 10.0.10.92:61597, idle 0:00:00, bytes 8142154200, flags
UDP eng 10.0.12.255:31796 inside 10.0.10.92:59654, idle 0:00:00, bytes 18100194900, flags -
ICMP eng 10.0.12.255:0 inside 10.0.10.92:8018, idle 0:00:00, bytes 5909738400, flags
ICMP eng 10.0.12.255:0 inside 10.0.10.92:44296, idle 0:00:00, bytes 0, flags
ICMP eng 10.0.12.255:0 inside 10.0.10.92:19044, idle 0:00:00, bytes 0, flags
UDP eng 10.0.12.0:40776 inside 10.0.10.92:59705, idle 0:00:00, bytes 18865919700, flags -
UDP eng 10.0.12.0:34428 inside 10.0.10.92:59705, idle 0:00:00, bytes 24248390700, flags -
ICMP eng 10.0.12.0:0 inside 10.0.10.92:56833, idle 0:00:00, bytes 7659338550, flags
ICMP eng 10.0.12.0:0 inside 10.0.10.92:3821, idle 0:00:00, bytes 0, flags
ICMP eng 10.0.12.0:0 inside 10.0.10.92:27263, idle 0:00:00, bytes 0, flags
ICMP eng 10.0.12.0:0 inside 10.0.10.92:30586, idle 0:00:00, bytes 0, flags
It was clear 10.0.10.92 was doing something dangerous, so we found the source and shut down that PC (Windows desktop), but interestingly enough the broadcast did not stop; it was still happening.
Finally, after 30 minutes of dancing, I decided to clear the conn table, and as soon as I did the following everything started looking good.
ASA(config)# clear conn address 10.0.10.92
28 connection(s) deleted.
Can someone explain to me what was happening here?
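
A triage sketch for connection-table output like the one quoted above, added here as an example and not part of the original post: it parses `show conn` lines and totals bytes per inside host toward network or broadcast addresses. The /24 prefix length is an assumption (the post does not state the mask), the function names are hypothetical, and the last sample line is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# First three lines are in the layout quoted in the post; the last is constructed.
SAMPLE = """\
UDP eng 10.0.12.255:44678 inside 10.0.10.92:59654, idle 0:00:00, bytes 21657163800, flags -
ICMP eng 10.0.12.255:0 inside 10.0.10.92:61597, idle 0:00:00, bytes 8142154200, flags
UDP eng 10.0.12.0:40776 inside 10.0.10.92:59705, idle 0:00:00, bytes 18865919700, flags -
TCP eng 10.0.12.20:443 inside 10.0.10.15:50312, idle 0:00:04, bytes 48213, flags UIO
"""

# proto, interface, ip:port, interface, ip:port, idle, bytes, optional flags
CONN_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<if1>\S+)\s+(?P<ip1>[\d.]+):(?P<port1>\d+)\s+"
    r"(?P<if2>\S+)\s+(?P<ip2>[\d.]+):(?P<port2>\d+),\s+idle\s+\S+,\s+"
    r"bytes\s+(?P<bytes>\d+),\s+flags\s*(?P<flags>\S*)"
)

def parse_conns(text):
    """Yield one dict per connection line; summary lines are skipped."""
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            yield m.groupdict()

def broadcast_talkers(text, prefixlen=24):
    """Return (inside_host, dest, conn_count, total_bytes) rows for entries
    whose first address is the network or broadcast address of its subnet,
    largest byte total first. prefixlen is an assumed mask, not from the post."""
    totals = defaultdict(lambda: [0, 0])
    for c in parse_conns(text):
        dst = ipaddress.ip_address(c["ip1"])
        net = ipaddress.ip_network(f"{dst}/{prefixlen}", strict=False)
        if dst in (net.network_address, net.broadcast_address):
            entry = totals[(c["ip2"], str(dst))]
            entry[0] += 1
            entry[1] += int(c["bytes"])
    rows = [(src, d, n, b) for (src, d), (n, b) in totals.items()]
    return sorted(rows, key=lambda r: -r[3])

if __name__ == "__main__":
    for host, dest, count, total in broadcast_talkers(SAMPLE):
        print(f"{host} -> {dest}: {count} conn(s), {total} bytes")
```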