[39646] in North American Network Operators' Group
Code Red -> Router Memory depletion?
daemon@ATHENA.MIT.EDU (Mike Lewinski)
Thu Jul 19 14:59:51 2001
Message-ID: <004d01c11085$114f77c0$c2c68bd0@domain.com>
From: "Mike Lewinski" <mike@rockynet.com>
To: <nanog@merit.edu>
Date: Thu, 19 Jul 2001 13:00:24 -0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
We've seen two routers experiencing problems this AM that appear to be
related to client swervers infected with the IIS Code Red virus. I say
appear because of the timing with cpu profiles on downstream routers
where infections broke out, but I don't have any direct evidence.
The first one was a border router:
Jul 19 08:00:47 5093: 2w5d: %SYS-2-MALLOCFAIL: Memory allocation of
65540 bytes failed from 0x603BF35C, pool Processor, alignment 0
Jul 19 08:00:47 5094: -Process= "BGP Router", ipl= 0, pid= 86
# sh ver
uptime is 4 hours, 46 minutes
System returned to ROM by bus error at PC 0x603BFCFC, address 0xFFFFFFF0
at 05:57:21 UTC Thu Jul 19 2001
The other one is a client aggregation router
Jul 19 12:02:49 192: %SYS-2-MALLOCFAIL: Memory allocation of 1964 bytes
failed from 0x314DA4A, pool Processor, alignment 0
Jul 19 12:02:49 193: -Process= "OSPF Router", ipl= 0, pid= 32
(This router is still functioning, but not allowing any incoming
connections on telnet).
-Mike
