[59757] in North American Network Operators' Group


Re: Patching for Cisco vulnerability

daemon@ATHENA.MIT.EDU (Larry Rosenman)
Fri Jul 18 16:07:37 2003

Date: Fri, 18 Jul 2003 15:04:31 -0500
From: Larry Rosenman <ler@lerctr.org>
To: Daniel Roesen <dr@cluenet.de>, nanog@merit.edu
In-Reply-To: <20030718215757.A3046@homebase.cluenet.de>
Errors-To: owner-nanog-outgoing@merit.edu




--On Friday, July 18, 2003 21:57:57 +0200 Daniel Roesen <dr@cluenet.de> 
wrote:

>
> On Fri, Jul 18, 2003 at 03:31:25PM -0400, Jared Mauch wrote:
>> > 12.0(21)S* (at least S5 and above) have broken SNMP interface counters
>> > and Cisco refuses to fix the bug in 12.0(21)S*, so people who don't
>>
>> 	Do you have a DDTS I can reference?
>
> Not handy, but from cisco-nsp Archives I've found CSCea35259 and
> CSCdy30984, and a reference to CSCea63754 which I can't take a look
> at in BugToolkit.
>
> Symptom: SNMP output octet counter stops counting traffic (except
> some control plane traffic it seems), with every few days jumping
> by weird amounts producing such funny things like 150mbps spikes on
> a FE interface.
>
> I've seen a box with a nicely loaded FE (30-70mbps) which took
> (reproducibly) just about 48 hours to have this interface stop counting.
> If this would have been a customer interface, it would have meant
> "reload router every two nights or lose money".
>
> This bug is supposed to be (finally) fixed in 12.0(25)S1.
>
> Given that you a) don't want to lose money and b) don't want to
> do two whole-network upgrades within a short time, going to 12.0(21)S7
> to fix the vulnerability is no real option, so people are more or less
> forced to put their networks on bigger risk by going from 12.0(21)S*
> to (25)S1.

I'm running 12.0(25.2)S, and it has the bug REALLY squashed.

LER


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

