Major Flaw Found In Cisco IOS Devices

Joff_NZ writes "CERT has released an advisory regarding a serious flaw in all Cisco routers and switches which run IOS and process IPv4 packets (i.e. pretty much everything), which causes the device to stop processing inbound packets, and so: 'The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention.' There are apparently no known exploits (yet), and Cisco have this advisory with a workaround and available fixes."
  • Yet... (Score:5, Insightful)

    by jerw134 ( 409531 ) on Thursday July 17, 2003 @12:54AM (#6458981)
    There are apparently no known exploits (yet)

    I say we start a pool on how long yet will actually be, now that CERT released the info.
    • Re:Yet... (Score:3, Insightful)

      by jamesh ( 87723 )
      I couldn't glean from the article exactly what packet would cause the failure. The ACL that was given as a workaround permitted typical protocols (eg tcp, udp, icmp, etc) and blocked the rest. Presumably somewhere in 'the rest' lies the exploit but it's a big space to search.
      • From the cisco security announcement [cisco.com]:

        A rare, specially crafted sequence of IPv4 packets with protocol type 53 (SWIPE), 55 (IP Mobility), 77 (Sun ND), or 103 (Protocol Independent Multicast - PIM) which is handled by the processor on a Cisco IOS device may force the device to incorrectly flag the input queue on an interface as full, which will cause the router to stop processing inbound traffic on that interface.

        -- Jack

    • Re:Yet... (Score:5, Funny)

      by sleeper0 ( 319432 ) on Thursday July 17, 2003 @01:08AM (#6459030)
      Between this announcement and the microsoft one I know at least one of the fine readers out there has cancelled all of their appointments for the next three days and has a case of mountain dew and a copy of worms for dummies under their arm whistling happily.
      • Re:Yet... (Score:3, Funny)

        by Anonymous Coward
        I call a book that can whistle pretty damn smart - knock off the 'dummies' stuff, mmkay?
      • Between this announcement and the microsoft one I know at least one of the fine readers out there has cancelled all of their appointments for the next three days and has a case of mountain dew and a copy of worms for dummies under their arm whistling happily.

        Mountain dew, nah. The sugar makes me sleepy after 20 minutes. I prefer my caffeine to be like my soul: Dark, Bitter, and (slurp) Empty.

    • Re:Yet... (Score:5, Funny)

      by rf0 ( 159958 ) <rghf@fsck.me.uk> on Thursday July 17, 2003 @01:10AM (#6459036) Homepage
      I'm going to say an exploit by tomorrow. End of the internet by Sat. All back to normal on Monday

      Rus
      • Re:Yet... (Score:5, Funny)

        by cscx ( 541332 ) on Thursday July 17, 2003 @01:21AM (#6459067) Homepage
        Yeah you would think more people would be using Juniper routers; however, I think the creepy-looking lady [juniper.net] on their homepage is a deterrent.
        • Ah but you forgot to link to the redemption page:

          goodstuff [juniper.net]
          warning this page requires 'flash' (virus?worm?entertainment?)
          • Re:Yet... (Score:5, Interesting)

            by Anonymous Coward on Thursday July 17, 2003 @03:49AM (#6459465)
            They have an awesome collection of Anti-Cisco cartoons :)

            I think this one is one of the best:
            http://www.juniper.net/nettoons/03_1280.jpg

            (Just change the first number)
        • Re:Yet... (Score:2, Funny)

          by Jellybob ( 597204 )
          I'm scared.

          And I thought the ebay lady was a little weird... the juniper one looks like she knows where I live, and she's gonna come round and hack me to death when I least expect it.
        • Re:Yet... (Score:2, Funny)

          by BadElf ( 448282 )
          Isn't that the gym teacher from Porky's?
        • It's like she's staring right into my soul... *shivers*
        • Yeah you would think more people would be using Juniper routers


          Oh, Juniper makes great routers, but they're all carrier (ISP) class, or at least they all were when I trained on them. You're not going to find them used as customer CPE very often... and individual companies have the most to lose by this exploit, especially small ones whose ISPs maintain their equipment for them, who aren't rolling out fixes for all those small Ciscos now.

        • Re:Yet... (Score:3, Funny)

          by losmurfs ( 690253 )
          Just another example of using sex to sell products.
      • That would be great, because I'll go to a LAN Party this weekend, so not having access to the Internet during this period won't cause me any trouble at all :)
    • Re:Yet... (Score:5, Informative)

      by Anonymous Coward on Thursday July 17, 2003 @08:14AM (#6460183)
      ok folks, here's how it works. A specially crafted packet is sent to an interface on a router. This packet takes up space in the queue on the interface. Once a few of these packets fill up that queue no more traffic is able to pass through the interface. You won't see a high utilization on the CPU, it'll just throw 'em away. It's important to understand that the packet has to be directed to the interface on the router, not just merely passing through it. After the queue fills up (around 4k I'm thinking) the only way to empty it is to reload, if I'm reading correctly. From what I can tell, the large backbones got the notice a few days ago. Some lower tier players received it yesterday. And public disclosure is supposed to happen tonight around 21:00 EDT or so. However, several major internet players all of a sudden performing emergency maintenance was a bit obvious. Especially when companies known to employ lots of Juniper didn't seem to do much. Well, guess it wasn't that OBVIOUS, but...net-eng people are worse than a small town knitting group.
  • by Anonymous Coward
    hmm... the cisco page shows up as 50 pages of text in lynx, with the first 20 being useful.

    a four-hour timeout for IP-4 packets and you can do it
    remotely to almost ANY cisco device except those that are run as purely IP-v6. Seems more like a nuisance DOS exploit and hope not to see it.
  • by Nethead ( 1563 ) <joe@nethead.com> on Thursday July 17, 2003 @01:03AM (#6459015) Homepage Journal
    It's days like this I'm REALLY glad that I'm an unemployed network engineer! This looks like a very serious headache!
    • by rf0 ( 159958 ) <rghf@fsck.me.uk> on Thursday July 17, 2003 @01:06AM (#6459027) Homepage
      I remember the day Bind 8.2.2-P5 had an exploit come live. 24 hours and 56 servers later I finally managed to get to bed. Only to have to upgrade it all again a few days later.

      fun

      Rus
      • by Zapman ( 2662 )
        1) If you have 56 internet facing DNS servers, it might be time to re-visit your design (with the possible exception of very large ISPs). Given BIND's history of security flaws, minimizing exposure is key.

        2) With that many servers, if you're not doing it with package management (solaris pkgadd, rpm, deb, hp..., AIX..., etc... all of them have at least a rudimentary package management tool, even if it's tar), you might want to re-visit your design.

        3) Deploying BIND without some forthought is going to get
      • You should try MyDNS. Instead of farting around maintaining those REALLY cryptic config files, store all your DNS records in a relational database.

        Of course you REALLY want to lock down that database! (All of my servers clone a copy of a master database locked deep behind the firewall in my fortress of solitude. They also have iptables hooks to prevent ANYONE from accessing mysql except through the local socket.)

    • by Anonymous Coward on Thursday July 17, 2003 @02:30AM (#6459239)
      Pfft, you're a "network engineer" just like I'm a "computer surgeon" and that guy over there is an "electronics astronaut".
    • It's days like this I'm REALLY glad that I'm an unemployed network engineer! This looks like a very serious headache!

      ... and since you're unemployed, this now more looks like an opportunity ;-)


    • It's days like this I'm REALLY glad that I'm an unemployed network engineer! This looks like a very serious headache!


      I'm also an unemployed network engineer... with Juniper training, to boot. :) Which means, even if I was on the job, I probably wouldn't have to worry too much about this from outside my network, anyway.

  • Alternative (Score:4, Funny)

    by rf0 ( 159958 ) <rghf@fsck.me.uk> on Thursday July 17, 2003 @01:04AM (#6459017) Homepage
    This is why I always suggest alternatives to Cisco such as IP over Avian [ietf.org] and an actual implementation [linux.no] on Linux

    Rus
  • by Anonymous Coward on Thursday July 17, 2003 @01:06AM (#6459022)
    CERT has released an advisory regarding a serious flaw in all Cisco routers and switches which run IOS and process IPv4 packets (i.e. pretty much everything), which causes the device to stop processing inbound packets, and so: 'The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention.' There are apparently no known exploits (yet)
    I wouldn't be so sure of that. A couple of days ago, my cable modem (and others in the area) started having problems where the connection randomly drops and it takes a while to get it back. As if maybe a router somewhere has gone down and needs rebooting..

    If I fire up Ethereal to peek at the traffic, I notice that the arp who-has requests are labeled with a source of "cisco_f2" ...

    Wonder if someone has been pointing this sploit at cablemodem routers ??
  • Notice how both vulnerabilities, from Cisco and Microsoft, were not released to the public first. Instead the public announcement comes after the vendors have the patches.

    Exploits, anybody?

    • by eskimoboy ( 690127 ) on Thursday July 17, 2003 @01:20AM (#6459066) Homepage
      Sometimes, it's in the best interest of the public to have vulnerability information released directly when it is found out. It opens up the ability for hackers to create exploits before the manufacturers have a chance to find a way to stop it. Sure, releasing information on vulnerabilities for open source projects right away is usually a good idea, but that's due to the fact that with an open source project, the public has the ability to come up with a patch. In cases like these, perhaps it is best for the public to be left out until a proper solution or workaround has been developed by the vendors.
    • Sometimes it is in the best interest of the greater number out there not to be notified until after the patches are in place in critical places.

      Thinking about shutting down the Internet today ? I think I prefer to keep my job :-)

  • No Exploits My A$$ (Score:5, Interesting)

    by Anonymous Coward on Thursday July 17, 2003 @01:12AM (#6459040)
    AT&T has been having problems all over the west coast the last 4 days. I'll bet even money this is why. Their last 2 emails state they had no clue what was causing it and that random reboots of routers were to be expected.

    I'm not Anonymous, Just Lazy.
    Crackers`n`Soup
  • by Valar ( 167606 ) on Thursday July 17, 2003 @01:24AM (#6459074)
    At least it only freezes the device. If you could make it send the same packet to some of its router buddies, then freeze, this could get real bad, real fast.
    • Right. So you write your warhol worm using the MS Windows exploits revealed today. Make it so they communicate with each other p2p, and whenever you feel like it, give them the signal to freeze every cisco device they can find.

      You might be able to cripple big chunks of the internet every time you do it, and it'd probably be a long time before all the zombies got fixed. Anybody out there run a webserver? How many Nimda/Code Red requests did you get today? Nimda wasn't even a very smart worm.
    • I don't think its status as a worm really matters much.

      All an individual has to do is something like this:

      1 - Generate a list of hosts on the net

      2 - Grab the first host off the list

      3 - traceroute to the host

      4 - send 10-20 of the "specially crafted packets" to each hop in reverse order

      5 - cache the IP addresses that have been used

      6 - Loop around and start again on the next host. Skip addresses that have already been done.

      It's not that hard folks. Get enough machines running something like the above a
  • by jgaynor ( 205453 ) <jon@gaAUDENynor.org minus poet> on Thursday July 17, 2003 @01:26AM (#6459084) Homepage
    Here's the recommendation for a temporary workaround using ACLs:

    Cisco recommends that all IOS devices which process IPv4 packets be configured to block traffic directed to the router from any unauthorized source with the use of Access Control Lists (ACLs). Legitimate traffic is defined as management protocols such as telnet, snmp or ssh, and configured routing protocols from explicitly allowed peers. All other traffic destined to the device should be blocked at the input interface.

    Does "A rare sequence of crafted IPv4 packets sent directly to the device" mean a sequence utilizing one of these three protocols? If so then frigging tell us! If not, this is just a vague precautionary warning that really won't stop any user inside the network from exploiting the bug.

    The TRUE details of the bug, including which protocol it uses, would help us put a nail in the coffin regarding the ACL workaround, but the Cisco bug tool isn't returning any information for the bugs they're talking about - specifically CSCea02355 and CSCdz71127.
    • Yes it is (Score:5, Insightful)

      by forged ( 206127 ) on Thursday July 17, 2003 @03:13AM (#6459363) Homepage Journal
      Actually, the proposed workaround works very well (it wouldn't be a workaround otherwise).

      Don't confuse traffic going THROUGH the router with traffic directed TO the router. You probably want to control the latter because as a good netadmin you should know that this is good practice.

      • You probably want to control the latter because as a good netadmin you should know that this is good practice.

        Proper filtering of packets targeted at the router helps to make it more robust against DoS attacks directed at the router itself. Actually, most people already have such filters in place (especially on IOS versions which support IP receive ACLs).
    • I have the impression you missed "... from explicitly allowed peers".
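The workaround quoted from the advisory above (filter traffic directed TO the router, leave traffic going THROUGH it alone, allow management and routing protocols only from explicit peers) modelled in Python, as an added example that is not from the Cisco advisory or from any poster in the thread. It parses constructed IPv4 headers and evaluates a first-match rule list with an implicit deny, the way an inbound ACL would; the router and peer addresses are made up (documentation ranges), while the management ports and the four protocol numbers (53, 55, 77, 103) come from the advisory text quoted in the thread.

```python
"""Model of the advisory's input-interface ACL workaround.

Pure-Python illustration, not IOS syntax. All addresses, peers and packets
here are constructed for the example.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# IPv4 protocol numbers the advisory names as handled by the route processor.
ADVISORY_PROTOCOLS = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND", 103: "PIM"}
TCP, UDP = 6, 17
MGMT_PORTS = {(TCP, 22), (TCP, 23), (UDP, 161)}   # ssh, telnet, snmp
BGP_PORT = 179


@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    dport: Optional[int]          # None for protocols without ports


def build_ipv4(src: str, dst: str, proto: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 header (checksum left zero; enough for parsing)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def parse_ipv4(raw: bytes) -> Packet:
    """Extract src, dst, protocol and (for TCP/UDP) the destination port."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad header length")
    proto = raw[9]
    dport = None
    if proto in (TCP, UDP) and len(raw) >= ihl + 4:
        dport = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
    return Packet(str(ipaddress.IPv4Address(raw[12:16])),
                  str(ipaddress.IPv4Address(raw[16:20])), proto, dport)


class ReceiveFilter:
    """First-match rule list with an implicit deny, like an IOS ACL."""

    def __init__(self, router_addrs, mgmt_peers, bgp_peers):
        self.router_addrs = set(router_addrs)
        self.mgmt_peers = set(mgmt_peers)
        self.bgp_peers = set(bgp_peers)
        self.rules = [
            # 1. The advisory's protocols, addressed to the router: drop and log.
            (lambda p: p.dst in self.router_addrs and p.proto in ADVISORY_PROTOCOLS,
             "deny", "log: advisory protocol"),
            # 2. Management protocols only from explicitly allowed peers.
            (lambda p: p.src in self.mgmt_peers and (p.proto, p.dport) in MGMT_PORTS,
             "permit", "management from allowed peer"),
            # 3. Routing protocol sessions only from configured peers.
            (lambda p: p.src in self.bgp_peers and (p.proto, p.dport) == (TCP, BGP_PORT),
             "permit", "bgp from configured peer"),
            # 4. Anything NOT addressed to the router is transit: leave it alone.
            #    Without this line the implicit deny would blackhole the interface.
            (lambda p: p.dst not in self.router_addrs, "permit", "transit"),
        ]

    def decide(self, pkt: Packet):
        for match, action, reason in self.rules:
            if match(pkt):
                return action, reason
        return "deny", "implicit deny: unauthorized traffic to the router"


def demo():
    """Run constructed packets through the filter; returns name -> decision."""
    f = ReceiveFilter(router_addrs={"198.51.100.1"}, mgmt_peers={"192.0.2.10"},
                      bgp_peers={"203.0.113.2"})
    ssh = struct.pack("!HH", 40000, 22)       # TCP src/dst ports
    bgp = struct.pack("!HH", 40000, BGP_PORT)
    web = struct.pack("!HH", 40000, 80)
    samples = {
        "pim to router":  build_ipv4("203.0.113.99", "198.51.100.1", 103),
        "pim transit":    build_ipv4("203.0.113.99", "198.51.100.77", 103),
        "ssh from noc":   build_ipv4("192.0.2.10", "198.51.100.1", TCP, ssh),
        "ssh from world": build_ipv4("203.0.113.99", "198.51.100.1", TCP, ssh),
        "bgp from peer":  build_ipv4("203.0.113.2", "198.51.100.1", TCP, bgp),
        "web transit":    build_ipv4("203.0.113.99", "198.51.100.50", TCP, web),
    }
    return {name: f.decide(parse_ipv4(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (action, reason) in demo().items():
        print(f"{name:15} {action:6} {reason}")
```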

  • by Snoopy77 ( 229731 ) on Thursday July 17, 2003 @01:27AM (#6459092) Homepage
    While the army took time to celebrate the discovery and safe return of Major Flaw it still maintained the need to continue the search for other missing top ranking officials. We spoke with a member of the search and recovery team soon after Major Flaw was discovered.

    "It is great to have found Major Flaw but we are still very worried about the others. Our job here is not finished." said Private Data.

    Colonel Panic has been spotted from time to time but the army has not yet been able to pinpoint his exact position. But the gravest of fears are held for General Protection-Fault. Sightings of the General have been few and far between in the last few years. Some conspiracy theorists say that he is not actually missing but has disguised himself. Private Data would not confirm whether they are searching for a man of similar build to General Protection-Fault but dressed all in blue.
  • by Anonymous Coward on Thursday July 17, 2003 @01:39AM (#6459127)
    The claim that there are no exploits is false.

    Below is a note I received from my ISP about 2 hours before this topic was posted:

    =-=-=-=-=-=-=-=-=-=-=

    17/07/03 01.12 - 01.38 DOS Attack on Sydney PoPs

    Incident

    A DoS attack against the AN border router resulted in that router's CPU reaching 100% and triggering the same attack on the Perth gateway router which in turn brought down the Comindico Border router

    Action

    While all of the hardware remained 'up' nothing could be authenticated and therefore all traffic through the Sydney PoP ceased.

    Resolution

    Swiftel Engineering rebooted the Perth Gateway router clearing the DoS packets and that in turn allowed the Sydney routers to rebuild the BGP4 tables thus restoring the ability to process customer traffic.

    Result

    By 1.38 pm all traffic was flowing normally.

    Future Elimination Of This Problem

    The elimination of this type of new DoS attack has just been recognised and released by Cisco (today) and the workaround and fixes are documented in:

    http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

    We are considering whether to implement the workarounds which may impact traffic such as ICQ and some games or upgrade the IOS's in all of our Cisco equipment.

    We will inform you when that decision is made.
  • by dekashizl ( 663505 ) on Thursday July 17, 2003 @01:42AM (#6459134) Journal
    This is actually good news for Cisco, because security holes like this [slashdot.org] appear to be a prerequisite for getting a large Department of Homeland Security contract [slashdot.org].
  • It is nearly midnight on the left coast and the updates for this bug are still not available for download.

    Also interesting to note is that the top of the Cisco Advisory had a release date of 7/17 00:00 GMT. But the bottom said that it would not be published to the public until 7/17 21:00 GMT.

    Why the release 21 hours ahead of schedule? Especially since you can't d/l the patches!!
  • by mino ( 180832 ) on Thursday July 17, 2003 @02:09AM (#6459195) Homepage
    "Like millions of sysadmins cried out in terror -- then were silenced."
  • wow (Score:4, Interesting)

    by revmoo ( 652952 ) <slashdotNO@SPAMmeep.ws> on Thursday July 17, 2003 @02:09AM (#6459196) Homepage Journal

    Sounds pretty bad.

    I got this email earlier:

    Special Emergency Service Affecting Maintenance Dear Cogent Customer, With this message, we are notifying you of a special, emergency maintenance that will affect your service beginning at 3:00 a.m. tomorrow, Thursday July 17. The service outage you will experience is expected to be ten minutes or less. Cogent Communications takes very seriously its responsibility for maintaining a robust, well-performing network, and only due to extreme circumstances would we ask your indulgence for an emergency maintenance of this type. Please be assured that Cogent engineers will do everything possible to minimize your down time and its associated inconvenience. If you have any problems with your connection after this maintenance is complete, or if you have any questions regarding the maintenance at any point, please call Customer Service at 1-877-7COGENT and use this work order number: XXXXXX. We sincerely appreciate your patience and welcome any feedback. We apologize for the short notice.

    Thank you for being a Cogent customer.

    Sincerely,
    Customer Support
    Cogent Communications

    And was wondering what was up. Been hearing about a lot of router issues from various people. Let's hope this gets wrapped up quickly.

  • by flirzan ( 133046 ) <<gro.scilohohcysp> <ta> <nazrilf>> on Thursday July 17, 2003 @02:12AM (#6459203) Homepage Journal
    ...on NANOG most of the day today. It looks like Cisco discovered the vulnerability in their own testing, notified major backbone providers (AT&T, Qwest, Sprint, L3, etc), who then scheduled emergency maintenance, which in turn tipped off savvy network engineers all over the place, who started wondering what was up, which in turn generated enough interest that bits and pieces leaked, and I bet Cisco figured better to release the advisory now and end the speculation than to wait till tomorrow. As for the "no exploit available", I had a router with an uptime of many many moons hang for no apparent reason tonight...while working on that I found the cisco advisory in my inbox. Could be a coincidence, but it's a strange one.
  • by rsmith-mac ( 639075 ) on Thursday July 17, 2003 @02:17AM (#6459213)
    With this exploit now out there (at least in theory anyway), I guess the question now becomes what can we expect from it. Assuming that a black-hat or someone else of an infamous nature figures out this exploit, what are the ramifications that we can expect? Obviously, many routers are owned and run by competent admins, but with all the Cisco routers out there, it's naive to believe that all of the routers will be fixed before someone exploits this. Given that, what does everyone suppose will happen to the internet as a whole? The core routers will most likely be fixed ASAP, but there's always the problem of the "oops, I forgot that one" router. Will this exploit become the ever-lasting Code Red (in terms of network problems), or will its threat blow over just like Code Red?
  • by Anonymous Coward on Thursday July 17, 2003 @02:37AM (#6459266)
    What I really wonder about is whether the vulnerability has been kept under wraps by the Department of Homeland Security, just like they did with the Sendmail vulnerability of a short while ago, which was kept from the world for a couple of weeks. The US military had at least a full week of maintenance time before the rest of the world got it.

    As a non-American I found this quite disturbing, since certainly with the Sendmail vulnerability, there was a risk of this being exploited by the US government against foreign nations. Now, I know I am just being paranoid, but it does freak me out if this would become standard operating procedure: 1. Vulnerability discovered 2. US government given ample time to protect itself 3. US government makes use of vulnerability 4. US gov releases it to friendly nations 5. You get notified.
  • by AaronW ( 33736 ) on Thursday July 17, 2003 @02:49AM (#6459299) Homepage
    Why not just filter out all the packets with the evil bit set? This should fix the problem.
  • duh (Score:2, Insightful)

    by blosphere ( 614452 )
    Well, I can safely predict that a lot of the 12xxx routers are going to reload/have reloaded already. At least if you don't have a Juniper sitting on your core, you most likely have a 12xxx series one. And try to apply an acl on their interfaces... bye bye router :)
  • by flirzan ( 133046 ) <<gro.scilohohcysp> <ta> <nazrilf>> on Thursday July 17, 2003 @02:58AM (#6459327) Homepage Journal
    To all Internap customers:

    Cisco Systems has released to the public notification of a vulnerability
    in many versions of Cisco IOS which can create a Denial of Service on an
    affected router. The details of the advisory can be viewed at the
    following link:

    http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

    No exploits which target this vulnerability have yet been identified.

    Prior to the public notification, Cisco had contacted their major NSP
    customers including Internap to inform us of this vulnerability. Internap
    has identified IOS versions with the appropriate fix for the platforms in
    our network and scheduled upgrades to our routers. Customers will receive
    notification shortly of the window in which the routers you are homed to
    will be upgraded. Due to the severity of this vulnerability these
    upgrades are being performed as emergency maintenance.

    Customers with questions about the possible impact of this vulnerability on
    their own equipment are urged to read the notice at the link above or to
    contact Cisco directly.
  • by xQx ( 5744 ) on Thursday July 17, 2003 @03:09AM (#6459352)
    Wow, It's times like this I'm happy I'm not a sysadmin for a DSL service provider with heaps of customers with 827s around. ... oh wait.

    Boss. I'm at the pub.
  • Dilbert (Score:4, Funny)

    by forged ( 206127 ) on Thursday July 17, 2003 @03:34AM (#6459427) Homepage Journal
    Today's strip [unitedmedia.com].

    Boss: Look what one of our engineers said to a reporter !
    Dogbert: (reading) "Our technology is putrid, but we compensate by ignoring complaints."
    Boss: You know what would be more fun than fixing those problems ?
    Dogbert: WITCH-HUNT !!!

  • by Anonymous Coward
    Sorry if this is a dumb question, but are DSL and other broadband router devices running CBOS 2.x.x such as Cisco 675 and 678s vulnerable or is CBOS a different critter with different TCP packet handling code?
  • Interesting.... (Score:3, Informative)

    by slayer99 ( 15543 ) on Thursday July 17, 2003 @04:28AM (#6459546) Homepage
    "Obtaining Fixed Software

    Customers with contracts should obtain upgraded software free of charge through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on the Cisco worldwide website at http://www.cisco.com/tacpage/sw-center/sw-ios.shtml.

    Customers whose Cisco products are provided or maintained through prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers should contact that support organization for assistance with obtaining the free software upgrade(s).

    Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.

    +1 800 553 2447 (toll free from within North America)

    +1 408 526 7209 (toll call from anywhere in the world)

    e-mail: tac@cisco.com"

    So, if I understand this correctly, if you've given Cisco money for hardware _and_ given Cisco money for a support contract, only then can you get hold of the fix. Neat.
    • Re:Interesting.... (Score:3, Informative)

      by ckan ( 598107 )
      I had previously called tac@cisco.com for security patches for our Cisco devices not covered by any service contract. The response was quick, and the quality of service was very high. I got the patches I wanted very quickly without paying a cent! It was really a good experience.
  • No Exploits? (Score:5, Insightful)

    by grimani ( 215677 ) on Thursday July 17, 2003 @05:13AM (#6459657)
    What does "no exploits" mean?

    No script kiddy tool for it yet?
    Nobody's used it yet to take down routers?

    Because the security advisory sure sounds like it's discovered an "exploit" on Cisco IOS routers to me.

    Any self respecting coder can whip up something homemade to take advantage of the issue.

    Is "no exploits" yet supposed to make us feel safer?

    If a security hole is there, it's vulnerable. Calling it "unexploited for now" is just misleading and confusing.
  • by martin ( 1336 ) <maxsec@nosPaM.gmail.com> on Thursday July 17, 2003 @07:35AM (#6460008) Journal
    Now let us step back a little.

    IF this had happened to our friends at Redmond (what do you mean 'if' :-) then we'd all be crying about how homogeneous networks/OS's etc are bad for security.

    Now it's happened to a vendor with probably more pieces of kit attached to the public internet than anyone else (by a long chalk IMHO).

    Do we cry, bad Cisco bad, no we just look at all the poor network admins who will get no sleep for the next 2 days....

    Perhaps NOW people will start looking at alternatives to Cisco.

    Don't get me wrong I love Cisco kit, but I think the risk of Cisco everywhere is just about to hit home...
    • Hear hear.

      If the network hardware would say to you, "Hey I had a flaw, but already downloaded the patch for it. Want me to install it?" like Windows does, this wouldn't be so bad.

      Seriously - Microsoft's auto-update system for Windows is fantastic. I get the patch for a bug before I see it on /., and before my sys admin people even have sent out the mass mail to everyone notifying us there's a new patch. It's fantastic, painless, and it works - well.

      • for 'home' users maybe the auto update thing is good, but given the poor quality of MS updates for servers (Service packs, patches etc) I'd rather it not do it for critical stuff like core servers without running through a test system.
  • I have seen this behavior on several of my systems on interfaces where I *know* the customer is not intentionally sending bad packets. I resolved the problem by disabling fair-queueing on the interfaces where this tended to happen.

  • by Seydlitz ( 690174 )
    (For Americans and others; the NHS is a country wide health service that treats everyone. It's on a WAN, called NHSnet. For that reason, any network problems are very serious, as it means hospitals are almost totally unable to function. (For the record, internal IPs start with 10.1.xxx))

    Toured a local NHS facility yesterday, when they were recovering from a total internal crash that cut off all internal network traffic, as well as external traffic in and out.

    The crash was caused by a halt in network traff
    • I can't really believe that the servers would be that badly configured.

      I believe the NHS's IT is run by Crapita, an extremely poor provider of ITC "solutions". Private Eye has been banging on about them since time began, but the upshot is I can very easily believe they were that badly configured.

  • Ironically, the ad at the top of this Slashdot page that I'm viewing is:

    Up to 85% off Cisco 2501
    Save on Used Cisco Equipment Routers, Gbics, Modules & more.
    www.bizinetworks.com


    Used Cisco Routers
    Used/Refurbished Cisco Routers save up to 90% off retail price.
    www.networkliquidators.com


    Cisco Switches
    Compare Prices and Save Money. Find the best deals at BizRate.com!
    www.BizRate.com

    *Ahem*! -Ocelot Wreak.

  • Amazing (Score:3, Interesting)

    by grayantimatter ( 617833 ) on Thursday July 17, 2003 @10:52AM (#6461780)
    I think it's amazing how so many people posting here want to assume/believe that ANY slight hiccup on ANY network ANYWHERE in the last week is a direct result of this issue.
  • ...something was up at lunch on Tuesday. Our Cisco SE said he couldn't say what it was until 5pm that day. Apparently about 20-30 big networks were contacted then and only a few (100) people at Cisco itself knew.
  • I think they should upgrade my IOS version out of good faith ;)

  • From: Hembree, Daniel [mailto:Daniel.Hembree@Level3.com]
    Sent: Thursday, July 17, 2003 10:39 AM
    To: undisclosed-recipients
    Subject: Level(3)

    ______________________________________________________________________
    As you may be aware, Level 3 performed significant maintenance to Cisco
    routers in our Network over the past two evenings. Due to restrictions in
    our contract with Cisco, we were not at liberty to share with you the nature
    or details of the pending work. Additional information can now be shared.
    Level 3 Comm
