[61978] in North American Network Operators' Group
Re: Cisco IOS Failure due to Virus
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Fri Sep 12 08:57:35 2003
Date: Fri, 12 Sep 2003 13:56:55 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Petri Helenius <pete@he.iki.fi>
Cc: "Richard J.Sears" <rsears@adnc.com>, Nanog <nanog@nanog.org>
In-Reply-To: <3F61B0EE.7070902@he.iki.fi>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 12 Sep 2003, Petri Helenius wrote:
>
> Stephen J. Wilcox wrote:
>
> >Hi,
> > we've seen this.. you need to make sure you filter the Nachi worm 92 byte icmp
> >echoes on your interfaces and it will be fine. The problem seems to be input
> >buffers which use all the memory up for some reason.
> >
> >
> This sounds vaguely similar to the recent IOS buffers stuck issue.
No, it's quite different

1:
On the vuln. the buffer filled up and could not be emptied without a reboot
On Nachi the buffer doesn't seem to fill and an acl or shutting the interface
will solve the problem whilst the router stays up

2:
On the vuln. the outcome was that the particular interface stopped forwarding
traffic
On Nachi the router runs out of main memory and starts dropping processes
because of malloc failure

FYI I have only encountered the Nachi problem on a few PE routers which were old
and had little memory anyway e.g. Cisco 2500.. presumably the buffer filling isn't
a memory leak and providing there is enough spare memory the router won't be
affected in this way.

Steve
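
An added example, not part of the original post: a way to find which hosts are emitting the 92-byte ICMP echoes described above, working from captured IPv4 packets, so the filter can be placed on the right interfaces. The function names, the distinct-destination threshold and the sample packets are assumptions constructed for this illustration; size alone can also match an ordinary ping, which is why the check counts destinations per source.

```python
import struct

NACHI_LEN = 92    # total IPv4 length of the echoes named in the post
ECHO_REQUEST = 8  # ICMP type for echo request

def is_92_byte_echo(pkt: bytes) -> bool:
    """True for an IPv4 ICMP echo request whose total length is 92 bytes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    total_len, frag = struct.unpack("!H2xH", pkt[2:8])
    # Need a full ICMP header, protocol 1, and a first (offset 0) fragment.
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != 1 or frag & 0x1FFF:
        return False
    return total_len == NACHI_LEN and pkt[ihl] == ECHO_REQUEST

def sweeping_sources(packets, min_targets=3):
    """Sources that sent 92-byte echoes to >= min_targets distinct hosts.

    min_targets is an assumed threshold: one 92-byte ping to one host is
    not treated as worm scanning.
    """
    seen = {}
    for pkt in packets:
        if is_92_byte_echo(pkt):
            seen.setdefault(pkt[12:16], set()).add(pkt[16:20])
    return {".".join(map(str, s)) for s, d in seen.items() if len(d) >= min_targets}

def build_echo(src, dst, payload_len, icmp_type=ECHO_REQUEST):
    """Constructed test packet; checksums are left at zero."""
    total = 20 + 8 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 128, 1, 0,
                     bytes(src), bytes(dst))
    return ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + bytes(payload_len)

# Constructed sample traffic (private and documentation addresses).
SAMPLE = (
    [build_echo((10, 0, 0, 5), (192, 0, 2, n), 64) for n in range(1, 5)]    # sweep
    + [build_echo((10, 0, 0, 9), (192, 0, 2, 1), 64)]                       # lone 92-byte ping
    + [build_echo((10, 0, 0, 7), (192, 0, 2, n), 56) for n in range(1, 6)]  # 84-byte pings
    + [build_echo((192, 0, 2, 1), (10, 0, 0, 5), 64, icmp_type=0)]          # echo reply
)

if __name__ == "__main__":
    print(sorted(sweeping_sources(SAMPLE)))
```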