On Fri, 12 Sep 2003, Petri Helenius wrote:
> > Stephen J. Wilcox wrote: > > >Hi, > > we've seen this.. yuo need to make sure you filter the nachi worm 92 byte icmp > >echo's on your interfaces and it will be fine. The problem seems to be input > >buffers which use all the memory up for some reason. > > > > > This sounds vaguely similar to the recent IOS buffers stuck issue. No, its quite different 1: On the vuln. the buffer filled up and could not be emptied without a reboot On nachi the buffer doesnt seem to fill and an acl or shutting the interface will solve the problem whilst the router stays up 2: On the vuln. the outcome was that the particular interface stopped forwarding traffic On nachi the router runs out of main memory and starts dropping processes because of malloc failure FYI I have only encountered the nachi problem on a few PE routers which were old and had little memory anyway eg Cisco 2500.. presumably the buffer filling isnt a memory leak and providnig there is enough spare memory the router wont be affected in this way. Steve