Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Big amount of flow from a bogus IP Address

Big amount of flow from a bogus IP Address

Created by Daniel Phillipps, last modified by MindTouch on Jun 23, 2016

Views: 16 Votes: 0 Revisions: 5

Overview

There is a big amount of flow from a bogus IP address.

Environment

  • NTA 4.x
  • Cisco IOS-XE versions

Cause 

Cisco has confirmed that there are bugs in the current software they have.

Some symptoms for this bug is getting a big amount of flows from bogus IP addresses that do not exist in your network.

Another behavior found on this bug is when running this command, you can see the output interface changing for the same flows.

sh flow monitor <monitor name>  cache filter ipv4 source add 10.x.x.x ipv4 destination address 10.x.x.x

Known affected releases are 3.6.0 and other customers have reported the same problem with 3.7.1 and 3.7.2.

Resolution

The fix for this bug is available on IOS Versions 3.6.3 E, 3.7(3)E and the latest and suggested version at Cisco Download Software 3.6.4E.

 

Last modified
20:27, 22 Jun 2016

Tags

Classifications

Public