You may want to check - http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml -g On Wed, 21 May 2003, Luciano Z wrote: > Hi! > > I was responding an incident last night and saw a > strange performance problem with a cisco 7200. > > When I issued a "sh interface" on the two fast > ethernets of my box it was show that I got only 6Mbps > traffic and normal packet per second rate but when I > "sh logg" the box I got a lot of > "%RCMD-4-RSHPORTATTEMPT: Attempted to connect to > RSHELL from x.y.z.w" messages with spoofed sources. > > Investigating a little more I discovered that this > traffic was pushing the CPU to 98% to 100% of > utilization. Back to the output of "sh logg" I saw > that the box was logging 2 to 3 RSHELL messages per > second. In my opinion this coulndīt affect the CPU so > much. The router have 256M of RAM and itīs a 7200! > > I coulndīt gather more info about this incident > because it stopped before I could get the data. The > strange thing itīs that the high CPU utilization > stopped too. > > I donīt know if this is a problem of this cisco model > or if Iīm missing something. Any ideias? > > [] > lwulff > Glenn Forbes Fleming Larratt Rice University Network Management glrattat_private ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri May 23 2003 - 10:27:51 PDT