From: McClure, Allen (Allen.McClure@Yum.com)
Date: Thu Oct 02 2003 - 11:33:00 GMT-3
Depends which virus you're talking about, but in general it's a memory
issue related to the quantity of half-open connections being generated.
For TCP connection issue, you might try TCP Intercept. I've recommended
its deployment here, but we're shy on code/dram on many routers. Not
sure if that'll help, but I'm betting it will considering how many
half-opens I'm seeing when these things are active.
For the ICMP ones, you might try blocking anything specific that you can
isolate about the virus. If I remember correctly, Welchia utilizes
92-byte ICMP echos. Easy enough to drop without impacting normal ICMP
operation. Rate-limiting ICMP is also something we're considering.
We're using a combo of PIX Firewalls and FW-1 running on SunOS. The Sun
buckles quite harshly when a virus gets on even a single internal
system.
Allen G. McClure
CCNP/CCDP/MCSE
Yum! Brands, Inc.
Sr. Network Analyst
allen.mcclure@yum.com
-----Original Message-----
From: Gracie Pereira [mailto:goa0201@yahoo.com]
Sent: Thursday, October 02, 2003 8:41 AM
To: ccielab@groupstudy.com
Subject: ROuter Reboot due to Virus !!
HI everybody,
We manage cisco 3660 routers with ver 12.2(2) XB5 version.
due to recent virus attacks , the router keeps rebooting . after staying
up
for couple of hours , we tried blocking the virus ports ..but no help.
Its now affecting couple more routers.Is there any way to stop it before
the router gets affected and start reloading on it own.
Trying a lot of possibilites . If anyone has any recommendation to this
issue
pls share the info..
thanks
goa0201
---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:55 GMT-3