Re: ROuter Reboot due to Virus !!

From: Ken Diliberto (ken@kdmd.net)
Date: Thu Oct 02 2003 - 11:11:06 GMT-3

• Next message: Pun, Alec CL: "rate-limit and class-based policing"
• Previous message: Pierre-Alex: "Re: BGP confederation metric rule"
• Maybe in reply to: Gracie Pereira: "ROuter Reboot due to Virus !!"
• Next in thread: Gracie Pereira: "Re: ROuter Reboot due to Virus !!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Unplug it from the network? :-)

We have several Cat5k RSMs that suffer the same problem. I'm running
the ICMP route-map to drop all 92 byte ICMP packets, which helps a
little (ok, more than a little). But otherwise, the router still
reports low memory conditions then becomes unresponsive.

Now that I think about it, they might not actually reboot. We are
running dual RSM's in HSRP. I think when one gets bogged down and stops
responding, the backup kicks in and allows the primary to recover
without actually rebooting. Not much difference, though. I've had to
manually reboot them when they decide not to allow me telnet or session
access.

One thing I haven't tried is rate-limiting the traffic. Under normal
conditions the routers are able to handle the load - even from the dorms
  (3000 students all wanting to run peer-to-peer software). All it
takes is a small handful of machines to kill them now. We've upgraded
to 6500s which seem to handle the traffic better. You probably can't
justify upgrading your 3660s to 6500s, though.

One thing I've done that provides some useful information is apply
access-lists that stop spoofing and report the MAC address of a machine
attempting to do so. That at least gives us something to track down.

Since I seem to be rambling this morning, I'll stop here.

Ken

Gracie Pereira wrote:

> HI everybody,
>
> We manage cisco 3660 routers with ver 12.2(2) XB5 version.
> due to recent virus attacks , the router keeps rebooting . after staying up
> for couple of hours , we tried blocking the virus ports ..but no help.
>
> Its now affecting couple more routers.Is there any way to stop it before the router gets affected and start reloading on it own.
>
> Trying a lot of possibilites . If anyone has any recommendation to this issue
> pls share the info..
>
> thanks
> goa0201
>
>
>
>
>
> ---------------------------------
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***

• Next message: Pun, Alec CL: "rate-limit and class-based policing"
• Previous message: Pierre-Alex: "Re: BGP confederation metric rule"
• Maybe in reply to: Gracie Pereira: "ROuter Reboot due to Virus !!"
• Next in thread: Gracie Pereira: "Re: ROuter Reboot due to Virus !!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:55 GMT-3