[59744] in North American Network Operators' Group
after Cisco IOS exploit patch
daemon@ATHENA.MIT.EDU (Saxon Jones)
Fri Jul 18 14:50:41 2003
From: Saxon Jones <SaxonJ@interbaun.net>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Fri, 18 Jul 2003 12:49:57 -0600
Errors-To: owner-nanog-outgoing@merit.edu
After I upgraded my IOS this morning I've seen 13,844 input errors on the
port; when looking at the switch the router is connected to I see a
very similar number of multicast packets (13,423).
Has anyone else seen this? Is this perhaps what the patch does (register
exploit packets as input errors)?
FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140A, address is 0002.1723.0800 (bia 0002.1723.0800)
Internet address is 199.185.131.249/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 106/255, rxload 118/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/53/231 (size/max/drops/flushes); Total output drops: 733
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 46298000 bits/sec, 9642 packets/sec
5 minute output rate 41710000 bits/sec, 8891 packets/sec
163709405 packets input, 2006456215 bytes
Received 11374 broadcasts, 0 runts, 0 giants, 2 throttles
13844 input errors, 0 CRC, 0 frame, 0 overrun, 13182 ignored
0 watchdog
0 input packets with dribble condition detected
157777703 packets output, 1121349334 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet8 is up
Hardware is FastEthernet, address is 00e0.5202.4613 (bia 00e0.5202.4613)
Configured speed 100Mbit, actual 100Mbit, configured duplex fdx, actual fdx
Member of L2 VLAN ID 1, port is untagged, port state is FORWARDING
STP configured to OFF, priority is high, flow control enabled
mirror disabled, monitor disabled
Not member of any active trunks
Not member of any configured trunks
No port name
5 minute input rate: 43045336 bits/sec, 8985 packets/sec, 44.47% utilization
5 minute output rate: 46621104 bits/sec, 9711 packets/sec, 48.16% utilization
689714869 packets input, 3817420687 bytes, 0 no buffer
Received 4493 broadcasts, 0 runts, 0 giants
5 input errors, 5 CRC, 0 frame, 0 ignored
13423 multicast
736196013 packets output, 1836390208 bytes, 0 underruns
0 output errors, 0 collisions
________________________
saxon jones
network infrastructure admin
interbaun communications
suite 200
18404 stony plain road
edmonton, ab
T5S 2M8
mailto:netadmin@interbaun.net
http://www.interbaun.com/
(780) 447-8276
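
Added example, not part of the original post: a Python sketch that parses the counter lines from the two outputs above and splits the router's input errors into the sub-counters printed with them, next to the switch's multicast count. The embedded text is copied from the post; the function and variable names are assumptions made for this example.

```python
import re

# Counter lines copied from the post: router FastEthernet0/0, switch FastEthernet8.
ROUTER = """\
163709405 packets input, 2006456215 bytes
Received 11374 broadcasts, 0 runts, 0 giants, 2 throttles
13844 input errors, 0 CRC, 0 frame, 0 overrun, 13182 ignored
"""
SWITCH = """\
689714869 packets input, 3817420687 bytes, 0 no buffer
Received 4493 broadcasts, 0 runts, 0 giants
5 input errors, 5 CRC, 0 frame, 0 ignored
13423 multicast
"""

# "<number> <name>" pairs, each ended by a comma or the end of the line.
COUNTER = re.compile(r"(\d+) +([A-Za-z][A-Za-z ]*?)(?=,|$)", re.MULTILINE)
SUBCOUNTERS = ("runts", "giants", "crc", "frame", "overrun", "ignored")


def parse_counters(text):
    """Return {lower-cased counter name: value} for one interface's output."""
    return {name.lower(): int(value) for value, name in COUNTER.findall(text)}


def input_error_breakdown(counters):
    """Split 'input errors' into the sub-counters the device lists with it."""
    parts = {k: counters[k] for k in SUBCOUNTERS if k in counters}
    total = counters["input errors"]
    return {
        "total": total,
        "parts": parts,
        "dominant": max(parts, key=parts.get),
        # The total need not equal the sum of the listed sub-counters.
        "unattributed": total - sum(parts.values()),
    }


def compare(router_text, switch_text):
    """Put the router's error breakdown next to the switch's multicast count."""
    router = input_error_breakdown(parse_counters(router_text))
    multicast = parse_counters(switch_text)["multicast"]
    return {
        "router": router,
        "switch_multicast": multicast,
        "errors_minus_multicast": router["total"] - multicast,
        "ignored_minus_multicast": router["parts"]["ignored"] - multicast,
    }


if __name__ == "__main__":
    print(compare(ROUTER, SWITCH))
```

The two devices report very different lifetime packet totals, so their counters cover different intervals; deltas sampled over the same window on both sides give a cleaner comparison than the totals used here.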