cisco IOS bug/exploit?

Jim Mercer jim at reptiles.org
Mon Aug 20 14:42:03 UTC 2001



i have a couple 2501's holding up a T1 line.

static routing config, no RIP/OSPF/BGP, no httpd.

router A is Version 11.0(16)
router B is Version 11.1(5)

starting saturday night, i noticed that snmp queries were failing to one
or both of the routers at various points.

i tried to log into the routers, but telnet was failing.

using the console access to one of the units, i found that memory was
exhausted.

after a reload, the memory would be exhausted again, and i noted that
"show mem" indicated numerous of "Packet header" or some such hanging
around in memory.

whatever was happening did not seem to effect the packet flow through the
router, as the connections and volumes were normal.

i figured either some kinda bug or exploit was being sent against the unit,
but nothing in my tcpdumps indicated abnormal traffic to any of the interface
addresses.

i was planning on upgrading the IOS today, but this morning, i found that
everything had returned to normal, with a normal amount of free memory, and
no real amount of extraneous junk in memory.

can anyone point me at what might have been the cause, and/or a solution so
that it doesn't happen again?

-- 
[ Jim Mercer        jim at reptiles.org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]



More information about the NANOG mailing list