[c-nsp] In your opinions, is this an IOS bug or not?
Ted Mittelstaedt
tedm at toybox.placo.com
Sat Mar 5 02:23:53 EST 2005
> -----Original Message-----
> From: Luan Nguyen [mailto:luan.nguyen at mci.com]
> Sent: Friday, March 04, 2005 5:32 AM
> To: Ted Mittelstaedt; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] In your opinions, is this an IOS bug or not?
>
>
> There is a bug with http inspect in CBAC. I could dig up the
> bug number if
> you need to. But just get rid of that line and let tcp does
> the inspect and
> you should be fine :)
>
Luan, if you can't be bothered to read the post please don't waste time
replying to it. Please reread the following:
" So, I pull the inspection statement covering http from
their router. voila - instantly they are now getting the 3MB. This
lasts
for about 8 hours and then its crawling again. So, I remove every scrap
and
trace of any IOS Firewall inspection statements and reboot the router and
everything is now fine."
Was it somehow unclear that I already knew that getting rid of the line
and letting tcp do the inspect would fix the problem?
I appreciate the effort but when you don't pay attention to the post,
the old GIGO rule applies and I can't use anything you come up with.
Unfortunately, the following day after I wrote that post guess what -
the router died again. And there were NO INSPECTION STATEMENTS
WHATSOEVER
in it. I went ahead and put it to a non-IOS Firewall feature set, we
will see how long that lasts.
Ted
More information about the cisco-nsp
mailing list