Hi,
I'd read the advisory, and I *thought* I had the workaround correct, but
now I'm thinking it's not... One of our routers stopped speaking ospf and
could not be telnet'd or ssh'd to. I hit the console from our term server
and just got the message:
%% Low on memory; try again later
Ugh. Looking over at the loghost I found this repeated over and over:
Feb 23 23:58:42 edge-1-loopback-var 936: -Process= "IP SNMP", ipl= 0, pid=
60
Feb 23 23:58:42 edge-1-loopback-var 937: -Traceback= 60253188 60254E40
605EC934 605F1388 605F3410 60611B4C 605EDF20 605EDEA0 60601E78 60323B70
6024C67C 6024C668
Feb 23 23:59:12 edge-1-loopback-var 938:
Feb 24 04:59:11.806 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 16 bytes
failed from 0x605EC92C, alignment 0
Feb 23 23:59:12 edge-1-loopback-var 939: Pool: Processor Free: 7748 Cause: Mem ory fragmentation
Feb 23 23:59:12 edge-1-loopback-var 940: Alternate Pool: None Free: 0
Cause: No Alternate pool
This repeats, and eventually a similar message about the OSPF process
starts appearing, and that's when I started getting pages. I killed all
the links back to this router from the other side, and after about five
minutes the console came back and I was able to disable snmp completely
and reload it. Been fine so far...
So is this the "expected" result of the snmp bug being fondled remotely?
This router is on: 12.0(19.6)S, others are running: 12.0(20.3)S1.
Any issues in going up to the latest "S"?
Hope some of this info helps; it seems like if you can isolate the router
from the net while under attack, you may be able to save a trip in to flip
the power switch...
Thanks,
Charles
| Charles Sprickman | Internet Channel
| INCH System Administration Team | (212)243-5200
| spork@inch.com | access@inch.com
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:05 EDT