RE: Memory leak??

From: Weidong Xiao (Weidong.Xiao@vi.net)
Date: Fri Sep 05 2003 - 08:31:01 GMT-3

• Next message: Charles T. Alexander: "Reflexive Access List"
• Previous message: Olive, Darren: "RE: Memory leak??"
• Maybe in reply to: Yuki Hisano: "Memory leak??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Right.

We got the same problem recently. An internal workstation got the M$blaster, and was constantly scaning the Internet (destination port 135). As we run reflective ACL, router memory was consumed by huge amount of entries for this workstation. After patching the workstation, problem solved.

> -----Original Message-----
> From: Olive, Darren [mailto:Darren.Olive@globalcrossing.com]
> Sent: 05 September 2003 11:14
> To: 'Robert DuBell'; Yuki Hisano; ccielab@groupstudy.com
> Subject: RE: Memory leak??
>
>
> We have had the same problems and it was caused by the
> W32Blaster worm and
> its variants. When a default route exists in the network, all of the
> erroneous IP scanning matches on the default route and causes
> excessive
> route caching which eats into memory resources.
> Also, if your logs contain memory allocation errors, then
> this may also be a
> good pointer that this is what is happening.
>
> IP accounting output-packets on the exit interface in the
> direction of the
> default route will show you which devices are scanning the IP
> ranges. Look
> out for single packet entries between two end systems with a
> byte count of
> 48 or 96.
>
> Turning off the ip route-cache on these interfaces may be an option to
> alleviate some of the issues, although extra burden will be
> placed on the
> CPU as a result.
>
> Best of luck!
> Darren
>
> -----Original Message-----
> From: Robert DuBell [mailto:bobdu11@cox.net]
> Sent: 05 September 2003 06:42
> To: Yuki Hisano; ccielab@groupstudy.com
> Subject: RE: Memory leak??
>
>
> It's probably being caused by the Nachi worm or some form of
> it. Put a Deny
> ICMP on all your LAN interfaces and see if the counters go
> through the roof
> ! Happened to us not long ago and that was the problem......Bobdu11
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
> Behalf Of Yuki
> Hisano
> Sent: Thursday, September 04, 2003 9:01 PM
> To: ccielab@groupstudy.com
> Subject: Memory leak??
>
>
> Hi group,
>
> Lately, I am having trouble accessing(Telnet and Console)
> some of my routers
> with an error message of
> say " Memory low, try again!. " Since it happens so often
> lately, I was
> wondering if there are some people having the same issue.
>
> Please let me know if you have any idea.
>
> Thanks!
>
> Yuki
>
>
> ______________________________________________________________
> _________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> ______________________________________________________________
> _________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> ______________________________________________________________
> _________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Charles T. Alexander: "Reflexive Access List"
• Previous message: Olive, Darren: "RE: Memory leak??"
• Maybe in reply to: Yuki Hisano: "Memory leak??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:23 GMT-3