From: Teisberg, Evan (eteisbe@qwest.com)
Date: Thu Oct 02 2003 - 13:12:27 GMT-3
Arthur,
Here's a quick way to check to see if the issue is virus ICMP traffic
(likely).
Create a two line access-list:
access-list 101 deny icmp any any
access-list 101 permit ip any any
Apply the list in-bound on the LAN interface:
ip access-group 101 in
You will likely see thousands of hits on the "deny icmp any any" line of
the access-list in a short period of time when you do a "show
access-list".
I have seen the exact same thing happen on several routers. It can take
down a router with or without NAT running. It is likely a couple of
machines (or more) infected with Welshe or Nachi virus. It's amazing how
much traffic one or two machines can generate when infected with these
viruses.
HTH
-Evan.
-----Original Message-----
From: alee@cccis.com [mailto:alee@cccis.com]
Sent: Thursday, October 02, 2003 10:40 AM
To: ccielab@groupstudy.com
Subject: Cisco memory allocation problem--need advice
Has anyone seen the following message in your router log? On Sep. 29, a
couple of our remote routers, plus ISP router had the memory problem
suddenly. I saw someone posted router rebooted due to virus. Not sure
if
it's related. I think it's very likely since we never have the problem
before. Any advice? BTW, here the IOS we are running. IOS (tm)
C2600
Software (C2600-JS-M), Version 12.1(20). Thanks.
Sep 29 08:40:42 EST: %SYS-2-MALLOCFAIL: Memory allocation of 20000 bytes
failed
from 0x802AFFE0, alignment 0
Pool: Processor Free: 8471376 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
Arthur Lee
Senior Network Engineer
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:55 GMT-3