[nsp] AS5300 loosing memory

Security security at cytanet.com.cy
Fri Aug 22 17:16:36 EDT 2003 

We had similar problems and is due to the recent virus. We block all
necessary ports and in some cases in ordrer to save our network we block
ICMPs. We block ICMP to sides where we did not have powerfull routers to
handle all the ICMP traffic. 

>Just to add to this - We too { AS7106 } started seeing the same issue
>today and had been blocking the previous problems at the core.  Our 
>AS5248's and AS5300 had been having the problem all day.  We just updated 
>our core for the Nachi Worm and this looks to have slowed down the pace. 
>We do have a TAC case open on this.  It will be interesting to see what 
>they have to say ;-)  -  Anyone interested in me updating the list with 
>TAC findings?  
>
>------------------------------------------------------------
>    (_ )     Jason Houx, CCNA <coldiso at houx.org>
> \\\'',) ^   Com.net Inc.
>   \/  \(    Bright.net Network Operations
>   .\._/_)
>   OpenBSD   Unix - live free or DIE!
>------------------------------------------------------------
>
>
>On Wed, 20 Aug 2003, Siva Valliappan wrote:
>
>> there are newer documents on CCO to combat the below worms.  you can
find
>> them on:
>> 
>> http://www.cisco.com/warp/public/707/advisory.html
>> 
>> cheers
>> .siva
>> 
>> On Wed, 20 Aug 2003, Siva Valliappan wrote:
>> 
>> > Hi Jay,
>> >
>> >    you end users might be infected with blaster or some variant
(sobig,
>> > nachi, etc).  it sounds like you are fast-switching on those routers
>> > and they are consuming all the available memory in building cache
>> > tables.
>> >
>> > check the below url out on how to deal with such types of worms.
>> >
>> > http://www.cisco.com/warp/customer/63/ts_codred_worm.shtml
>> >
>> > cheers
>> > .siva
>> >
>> > On Wed, 20 Aug 2003, Jay Nakamura wrote:
>> >
>> > >
>> > > We have suddenly having issues with our as5300s.  We were running
>> > > 12.2(15)T5, I noticed gradual memory leak over days but one day free
memory
>> > > just dropped and most of our 5300s started crashing.  Reboot helped
for
>> > > couple hours but it started using up memory again.  I switched over
to
>> > > 12.2(17a) but that hasn't solved the problem.
>> > >
>> > > If I do "sh proc mem", it seems that "IP Input" is hogging the RAM. 
If I do
>> > > "clear ip route *", the free memory will increase to normal level
but it
>> > > will again keep dropping.
>> > >
>> > > I am unsure as to the cause of the problem.  Any suggestions on what
to look
>> > > for or what I can do?
>> > >
>> > > --
>> > >
>> > > -- J.S. Nakamura --                 Phone  (812)337-5070 x213
>> > > -- Kiva Networking --               Fax    (812)337-5082
>> > >                                     email  jnakamur at kiva.net
>> > >
>> > >
>> > > _______________________________________________
>> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
>> > >
>> >
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_____________________________
CYTANET WebMail
http://webmail.cytanet.com.cy

More information about the cisco-nsp mailing list