North American Network Operators Group


Re: Patching for Cisco vulnerability

  • From: Larry Rosenman
  • Date: Fri Jul 18 16:08:39 2003

--On Friday, July 18, 2003 21:57:57 +0200 Daniel Roesen <[email protected]> wrote:

On Fri, Jul 18, 2003 at 03:31:25PM -0400, Jared Mauch wrote:
> 12.0(21)S* (at least S5 and above) have broken SNMP interface counters
> and Cisco refuses to fix the bug in 12.0(21)S*, so people who don't

	Do you have a DDTS I can reference?
Not handy, but from cisco-nsp Archives I've found CSCea35259 and
CSCdy30984, and a reference to CSCea63754 which I can't take a look
at in BugToolkit.

Symptom: SNMP output octet counter stops counting traffic (except
some control plane traffic it seems), with every few days jumping
by weird amounts producing such funny things like 150mbps spikes on
a FE interface.

I've seen a box with a nicely loaded FE (30-70mbps) which took
(reproducibly) just about 48 hours to have this interface stop counting.
If this would have been a customer interface, it would have meant
"reload router every two nights or lose money".

This bug is supposed to be (finally) fixed in 12.0(25)S1.

Given that you a) don't want to lose money and b) don't want to
do two whole-network upgrades within a short time, going to 12.0(21)S7
to fix the vulnerability is no real option, so people are more or less
forced to put their networks on bigger risk by going from 12.0(21)S*
to (25)S1.

I'm running 12.0(25.2)S, and it has the bug REALLY squashed.

LER


--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: [email protected]
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
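The symptom Daniel describes (an ifOutOctets counter that stops increasing for days, then jumps by an amount that implies a rate above the link speed, e.g. a 150 Mbps spike on a FastEthernet interface) is the kind of thing a monitoring system can catch before the graphs mislead anyone. The script below is an added example written for this archive page; it is not code from the thread or from Cisco. It takes polled (timestamp, ifOutOctets) samples, handles the legitimate Counter32 wrap, and reports two findings: a run of zero-delta polls ("stalled") and an interval whose implied bit rate exceeds the link rate ("implausible"). The sample data is constructed to show both; `check_counters`, `octet_delta`, `Finding`, `SAMPLES` and `FAST_ETHERNET_BPS` are names invented here.

```python
"""Sanity-check polled SNMP ifOutOctets samples for a stalled counter and
for jumps that imply a rate above the link speed (added example, not from
the original thread)."""

from dataclasses import dataclass
from typing import List, Tuple

COUNTER32_MAX = 2 ** 32  # ifOutOctets is a Counter32: it wraps modulo 2^32
FAST_ETHERNET_BPS = 100_000_000  # 100 Mbps, the FE interface from the thread


@dataclass
class Finding:
    kind: str    # "stalled" or "implausible"
    start: int   # epoch seconds at the start of the affected span
    end: int     # epoch seconds at the end of the affected span
    bps: float   # implied bit rate over the interval (0.0 for a stall)


def octet_delta(prev: int, curr: int, width: int = COUNTER32_MAX) -> int:
    """Counter difference with wrap handling. A busy FE link wraps a
    Counter32 every few minutes, and that wrap must not be mistaken for a
    stall or a jump."""
    return (curr - prev) % width


def check_counters(samples: List[Tuple[int, int]], link_bps: float,
                   stall_polls: int = 3,
                   width: int = COUNTER32_MAX) -> List[Finding]:
    """samples: (epoch_seconds, ifOutOctets) pairs in polling order.

    Reports a "stalled" finding for every run of at least `stall_polls`
    consecutive zero-delta intervals, and an "implausible" finding for every
    interval whose implied rate exceeds `link_bps`.  A rate above the line
    rate cannot be real traffic; it is a counter artefact."""
    findings: List[Finding] = []
    stall_start = None
    stall_count = 0
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("samples must be strictly increasing in time")
        delta = octet_delta(c0, c1, width)
        bps = delta * 8 / seconds
        if delta == 0:
            if stall_count == 0:
                stall_start = t0
            stall_count += 1
        else:
            # the run of zero deltas ended at t0; report it if long enough
            if stall_count >= stall_polls:
                findings.append(Finding("stalled", stall_start, t0, 0.0))
            stall_count = 0
        if bps > link_bps:
            findings.append(Finding("implausible", t0, t1, bps))
    if stall_count >= stall_polls:  # stall still in progress at the last poll
        findings.append(Finding("stalled", stall_start, samples[-1][0], 0.0))
    return findings


# Constructed 60-second polls of an FE interface carrying ~50 Mbps:
# a normal Counter32 wrap, then three polls with no movement, then a jump
# that would mean 150 Mbps on a 100 Mbps link (the symptom from the thread).
SAMPLES = [
    (0, 4_000_000_000),
    (60, 80_032_704),       # +375,000,000 octets across the 2^32 wrap
    (120, 455_032_704),     # +375,000,000 octets, 50 Mbps
    (180, 455_032_704),     # counter stalled
    (240, 455_032_704),
    (300, 455_032_704),
    (360, 1_580_032_704),   # +1,125,000,000 octets in 60 s = 150 Mbps
    (420, 1_955_032_704),   # back to 50 Mbps
]

if __name__ == "__main__":
    for f in check_counters(SAMPLES, FAST_ETHERNET_BPS):
        print(f"{f.kind:12s} {f.start:>6d}-{f.end:<6d} {f.bps / 1e6:.1f} Mbps")
```

Two caveats worth noting when running this against real pollers. First, the stall threshold should be tuned to the polling interval and the interface's normal traffic; an idle access port legitimately shows zero deltas. Second, a Counter32 cannot represent a single-poll jump larger than 2^32 octets at all, since the modulo arithmetic folds it back into a plausible-looking value, so the plausibility check is only as good as the polling interval is short; where the platform exposes the 64-bit ifHCOutOctets, poll that instead.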