Possible DOS on Cisco 2651 router?

From: Richard Bartlett (richard_bartlettat_private)
Date: Thu Jul 10 2003 - 00:02:58 PDT

    A client experienced an outage today on their Cisco 2651 router (IOS 
    version IOS (tm) C2600 Software (C2600-I-M), Version 12.2(5d), RELEASE 
    SOFTWARE (fc1)).  Pings to the router failed with either timeout or TTL 
    expired in transit messages from hops 2-3 upstream of the router.  
    Tracerts would time out on the serial interface.
    
    Investigations internally found machines just downstream of the router 
    couldn't even ping the internal ethernet interface of the router.  A 
    power cycle did not solve the problem, and for some time the router would 
    time out for around 2-3 minutes, then respond for 1 minute, then time out 
    again.
    
    I was unable to get on site with Syslog/Ethereal/Snort etc. and by the 
    time I was onsite the problem had stopped.
    
    Does this sound like a DOS attack?  I can't think of any config/hardware 
    problem that could cause symptoms like this, but I don't want to jump to 
    conclusions.
    
    Tomorrow there will be a machine with RealSecure PC Protection, Snort, 
    Kiwi Syslog Daemon and Ethereal sitting there waiting!
    
    Cheers for any help provided.
    
    Richard
    



    This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 09:14:42 PDT