[c-nsp] New PIX DoS Vunlerability?
Jay Hennigan
jay at west.net
Thu Mar 31 15:58:16 EST 2005
On Thu, 31 Mar 2005, Christopher McCrory wrote:
> On Mon, 2005-03-28 at 14:33 -0800, Jay Hennigan wrote:
> > We've recently seen three different customers with PIXen, two 515s and
> > one 506, that have locked up solid. No console, no throughput. Power-
> > cycling brings them back. Two running 6.33 and one 6.34.
> >
> > Bug toolkit doesn't show anything relevant. Anyone else seeing similar
> > behavior?
>
> Did you ever find out more information or a cause? as in, "Should we be
> worried?"
Not specifically. I suspect coincidence. I received private email from
a Cisco engineer who indicated that PSIRT had no other reports. The 506
seems to be a hardware failure, probably thermal. I may try the heat-gun
and freeze-spray trick on the PCB if I have the time. Replaced with a
new one, identical config, no problems.
One of the 515s has been fine since being power-cycled. The other may be
part of a group of units with a manufacturing defect, an out-of-spec chip
that results in a timing issue under load. The customer is checking date
codes now.
Cisco indicates that having a unit "freeze" is something that should not
happen (probably due to a watchdog reset circuit). In the event of a
crash, the unit should reload.
So, I don't think we should be worried. Just an oddity.
--
Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
More information about the cisco-nsp
mailing list