North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco IOS Failure due to Virus

  • From: Stephen J. Wilcox
  • Date: Fri Sep 12 08:59:26 2003

On Fri, 12 Sep 2003, Petri Helenius wrote:

> 
> Stephen J. Wilcox wrote:
> 
> >Hi,
> > we've seen this.. yuo need to make sure you filter the nachi worm 92 byte icmp
> >echo's on your interfaces and it will be fine. The problem seems to be input
> >buffers which use all the memory up for some reason.
> >  
> >
> This sounds vaguely similar to the recent IOS buffers stuck issue.

No, its quite different

1:
On the vuln. the buffer filled up and could not be emptied without a reboot

On nachi the buffer doesnt seem to fill and an acl or shutting the interface 
will solve the problem whilst the router stays up

2:
On the vuln. the outcome was that the particular interface stopped forwarding 
traffic

On nachi the router runs out of main memory and starts dropping processes
because of malloc failure


FYI I have only encountered the nachi problem on a few PE routers which were old 
and had little memory anyway eg Cisco 2500.. presumably the buffer filling isnt 
a memory leak and providnig there is enough spare memory the router wont be 
affected in this way.

Steve