nanog mailing list archives
Re: Patching for Cisco vulnerability
From: Daniel Roesen <dr () cluenet de>
Date: Fri, 18 Jul 2003 21:57:57 +0200
On Fri, Jul 18, 2003 at 03:31:25PM -0400, Jared Mauch wrote:
12.0(21)S* (at least S5 and above) have broken SNMP interface counters and Cisco refuses to fix the bug in 12.0(21)S*, so people who don'tDo you have a DDTS I can reference?
Not handy, but from cisco-nsp Archives I've found CSCea35259 and CSCdy30984, and a reference to CSCea63754 which I can't take a look at in BugToolkit. Symptom: SNMP output octet counter stops counting traffic (except some control plane traffic it seems), with every few days jumping by weird amounts producing such funny things like 150mbps spikes on a FE interface. I've seen a box with a nicely loaded FE (30-70mbps) which took (reproducably) just about 48 hours to have this interface stop counting. If this would have been a customer interface, it would have meant "reload router every two nights or lose money". This bug is supposed to be (finally) fixed in 12.0(25)S1. Given that you a) don't want to lose money and b) don't want to do two whole-network upgrades within a short time, going to 12.0(21)S7 to fix the vulnerabilty is no real option, so people are more or less forced to put their networks on bigger risk by going from 12.0(21)S* to (25)S1. Regards, Daniel
Current thread:
- Patching for Cisco vulnerability Irwin Lazar (Jul 18)
- RE: Patching for Cisco vulnerability Bob German (Jul 18)
- Re: Patching for Cisco vulnerability Jared Mauch (Jul 18)
- Re: Patching for Cisco vulnerability Daniel Roesen (Jul 18)
- Re: Patching for Cisco vulnerability Jared Mauch (Jul 18)
- Re: Patching for Cisco vulnerability Daniel Roesen (Jul 18)
- Re: Patching for Cisco vulnerability Larry Rosenman (Jul 18)
- Re: Patching for Cisco vulnerability Petri Helenius (Jul 18)
- Re: Patching for Cisco vulnerability Daniel Roesen (Jul 18)
- Re: Patching for Cisco vulnerability Stephen J. Wilcox (Jul 18)
- Re: Patching for Cisco vulnerability Jason Frisvold (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Petri Helenius (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Niels Bakker (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Curtis Maurand (Jul 18)