North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: cisco IOS bug/exploit?

  • From: Barton F Bruce
  • Date: Mon Aug 20 11:08:04 2001

There is a chance that you have a static for to eth0 or
something like that even though the other end may be the only thing on the
ethernet. DON'T do that!

The router will arp for every address it needs to get to.
With codered around, that can be bad.

Use a static default to a real ip address.

There is somthing on CCO about this.

----- Original Message -----
From: "Jim Mercer" <[email protected]>
To: <[email protected]>
Sent: Monday, August 20, 2001 10:42 AM
Subject: cisco IOS bug/exploit?

> i have a couple 2501's holding up a T1 line.
> static routing config, no RIP/OSPF/BGP, no httpd.
> router A is Version 11.0(16)
> router B is Version 11.1(5)
> starting saturday night, i noticed that snmp queries were failing to one
> or both of the routers at various points.
> i tried to log into the routers, but telnet was failing.
> using the console access to one of the units, i found that memory was
> exhausted.
> after a reload, the memory would be exhausted again, and i noted that
> "show mem" indicated numerous of "Packet header" or some such hanging
> around in memory.
> whatever was happening did not seem to effect the packet flow through the
> router, as the connections and volumes were normal.
> i figured either some kinda bug or exploit was being sent against the
> but nothing in my tcpdumps indicated abnormal traffic to any of the
> addresses.
> i was planning on upgrading the IOS today, but this morning, i found that
> everything had returned to normal, with a normal amount of free memory,
> no real amount of extraneous junk in memory.
> can anyone point me at what might have been the cause, and/or a solution
> that it doesn't happen again?
> --
> [ Jim Mercer        [email protected]         +1 416 410-5633 ]
> [ Now with more and longer words for your reading enjoyment. ]