×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco bug or virus - any workaround ?

Unanswered Question
Nov 25th, 2003
User Badges:

I there any latest cisco bug or virus that may affect the Cisco Router memory and cause it to stop processing ?


Yesterday we had a problem with one of our routers. When we try to access the console it comes up with this error message:



4d04h: %SYS-2-MALLOCFAIL: Memory allocation of 12000 bytes failed from 0x60435A0

-Process= "TTY Background", ipl= 0, pid= 19

-Traceback= 6040CC58 6040E120 60435A5C 60430BD8 60423EA4 60358094 60358900 60380

4d04h: %SYS-2-CFORKMEM: Process creation of Exec failed (no memory).

-Process= "TTY Background", ipl= 0, pid= 19

-Traceback= 60430C58 60423EA4 60358094 60358900 60389BB8 60389C24 6038A0C0 60400

%% Unable to create EXEC - no memory or too many processes

%% Unable to create EXEC - no memory or too many processes

%% Unable to create EXEC - no memory or too many processes

Today this has happen to all our routers and they stop processing which prompt us to reload this routers.


I have got the show memory summary, show logging ,and show tech support on these routers and could send it if needed. I have got a PDF from the cisco site title Cisco-Troubleshooting Memory Problems and currently reading it


Is there a link on Cisco site where it keeps on updating the Security Advisory or virus that will affect cisco ? Please let me knnow


would really appreciate if someone could help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
utawakevou Sun, 11/30/2003 - 11:49
User Badges:

Thank you very much for your help. We found out that this is due to a worm. I plug Ethereal Network Analyzer between the router and the ethernet and found out a strange ICMP traffic. What I found out tell me that it is a worm. Here is waht I get out from my observation. The infected PC/server will scan the routing table and pick out an invalid route(not in the routing table. Then it will start to send ICMP traffic (Echo (ping) request to that invalid subnet (not in the routing table) starting from the lowest IP address to the highest. This I think increase the CPU process of the router and it will start to beg for more memory. I think when there is not enough memory it will stop the router process which gives us no option but to manually reload the router.


So what we did is pick out individual PC doing that flood ping and patch it up with RPC DCOm patch


Anyway, thanks for your help

Actions

This Discussion