Cisco IOS Failure due to Virus
Stephen J. Wilcox
steve at telecomplete.co.uk
Fri Sep 12 12:56:55 UTC 2003
On Fri, 12 Sep 2003, Petri Helenius wrote:
>
> Stephen J. Wilcox wrote:
>
> >Hi,
> > we've seen this.. you need to make sure you filter the nachi worm 92 byte icmp
> >echoes on your interfaces and it will be fine. The problem seems to be input
> >buffers which use all the memory up for some reason.
> >
> >
> This sounds vaguely similar to the recent IOS buffers stuck issue.
No, it's quite different.
1:
On the vuln. the buffer filled up and could not be emptied without a reboot.
On nachi the buffer doesn't seem to fill, and an acl or shutting the interface
will solve the problem whilst the router stays up.
2:
On the vuln. the outcome was that the particular interface stopped forwarding
traffic.
On nachi the router runs out of main memory and starts dropping processes
because of malloc failure.
FYI I have only encountered the nachi problem on a few PE routers which were old
and had little memory anyway, e.g. Cisco 2500.. presumably the buffer filling isn't
a memory leak and providing there is enough spare memory the router won't be
affected in this way.
Steve
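
An added example, not part of the original message: a classifier for the "92 byte icmp echo" packets the thread says to filter, usable for counting matches in captured traffic before and after an ACL goes in. It assumes "92 byte" means the IPv4 total length; the function names and sample packets are constructed for illustration.

```python
import struct

MATCH_TOTAL_LEN = 92      # assumption: "92 byte" refers to the IPv4 total length
ICMP_PROTO = 1
ICMP_ECHO_REQUEST = 8

def is_92_byte_echo(packet: bytes) -> bool:
    """True if raw IPv4 `packet` (no link header) is an ICMP echo request
    whose IPv4 total length field is 92."""
    if len(packet) < 20:
        return False                      # too short for an IPv4 header
    ver_ihl, _tos, total_len, _id, frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        return False                      # not IPv4
    ihl = (ver_ihl & 0x0F) * 4            # header length incl. options
    if ihl < 20 or len(packet) < ihl + 8:
        return False                      # malformed or truncated capture
    if proto != ICMP_PROTO or total_len != MATCH_TOTAL_LEN:
        return False
    if frag & 0x1FFF:
        return False                      # later fragment carries no ICMP header
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    return icmp_type == ICMP_ECHO_REQUEST and icmp_code == 0

def count_matches(packets) -> int:
    """Number of packets in an iterable of raw IPv4 packets that match."""
    return sum(1 for p in packets if is_92_byte_echo(p))

def build_echo(payload_len: int, icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Constructed sample packet (documentation addresses, zero checksums)."""
    total = 20 + 8 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, ICMP_PROTO, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"\x00" * payload_len
    return ip + icmp

# Constructed capture: one 92-byte echo request, one 60-byte echo request,
# one 92-byte echo reply, and one truncated packet.
SAMPLE = [build_echo(64), build_echo(32), build_echo(64, icmp_type=0),
          build_echo(64)[:24]]

if __name__ == "__main__":
    print(f"{count_matches(SAMPLE)} of {len(SAMPLE)} sample packets match")
```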