[9397] in bugtraq
Re: Widespread Router Access Port DoS
daemon@ATHENA.MIT.EDU (System Grunt)
Mon Feb 8 02:35:37 1999
Date: Fri, 5 Feb 1999 13:20:34 -1000
Reply-To: System Grunt <poidog@IAV.COM>
From: System Grunt <poidog@IAV.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990205181640.8644.qmail@susan.cisco.com>
On Fri, 5 Feb 1999, John Bashinski wrote:
> Since the TCP connection isn't deleted, the virtual TTY (VTY) is not
> being released. If you run a bunch of attacks, you eventually end up
> with all your VTYs hung up on nonexistent connections. If you can
> reach the router at all, you can reclaim them with the "clear line"
> command, but if they're all hung up, you may not have a way to get
> in and do that.
Both will get the hung telnet sessions.
ComOS 3.8.2 PM3
ComOS 3.7L OR-HS
If an available telnet is open, then telnet in and
sh netconns
433 3072 0 iav.com.23 a.iav.com.2921 TIME WAIT
432 3072 0 iav.com.23 a.iav.com.2918 TIME WAIT
405 3072 0 iav.com.23 a.iav.com.2892 TIME WAIT
reset nxxx will give you a reset successful but will take a few minutes to
actually clear.
Or use pmconsole or the new pmvision...
--
Aloha from Paradise,
Sherwood
System Grunt
