[c-nsp] PIX 525 hogging Memory
Marcelo Maraboli
marcelo.maraboli at usm.cl
Mon Apr 24 16:28:30 EDT 2006
Hi Admins..
I have a 525 PIX (with a failover/standby unit) with 7.0(2) PIX-OS
and since Thursday it's been blocking every connection after
4-6 hours of normal operation.
The symptoms match:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_security_notice09186a008059a411.html
I tried "workaround #4" (checksum checking) and it seems more stable,
the usage is slowly growing, but growing....!!
The only strange thing I notice is a 100% memory usage,
starting at boot time from around 50%..
fw# sh mem
Free memory: 1085424 bytes ( 0%)
Used memory: 267350032 bytes (100%)
------------- ----------------
Total memory: 268435456 bytes (100%)
After I execute a "clear xlate", it seems to free some RAM,
and continues to work for some additional time.
How can I tell WHAT process/event/ACL is hogging all the RAM ??
I'm not sure that a Checksum-Attack is the cause, could it
be an internal worm sending thousands of SYN packets and the PIX
just gets flooded with NAT Translations ??
thanks,
--
Marcelo Maraboli Rosselott
Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer)
Ingeniero Civil Electronico (Electronic Engineer)
Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria phone: +56 32 654237
Chile. http://elqui.dcsc.utfsm.cl/