debug packet syntax error hosed my PIX?

Discussion in 'Cisco' started by googlenews, Feb 6, 2006.

  1. googlenews

    googlenews Guest

    This is insane....we thought our network was being DDoS'ed today with
    half-opened SYN connections to all our webservers, but reviewing
    syslogs just before things went haywire it looks like we may have
    DoS'ed ourselves with bad syntax in the "debug packet" command.

    Syslog shows some valid debug packet:

    debug packet outside dst

    then there's this one:

    debug packet outside dst 69..0 netmask

    Yes, "69..0 netmask"

    CPU almost immediately went to 99%, and our IDSes showed a bunch of
    half-open SYN connections.

    I'm afraid to test this in production again, but has anyone seen this
    before? Any comments (aside from the usual: check your syntax,
    Stupid)? :)

    googlenews, Feb 6, 2006
  2. I think your PIX thinks that you are trying to mix an IPv6 address (69..0) with
    an IPv4 subnet mask. Yes, it could be ugly and unpredictable.

    Good luck,

, Feb 7, 2006
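A small check in the spirit of the first post, reviewing syslog for "debug packet" commands whose address arguments are malformed before they reach a production box. This is an added example, not code from the thread or from Cisco; the syslog line format, message id and user name are constructed, and the syntax check covers only the src/dst/netmask address arguments of the PIX "debug packet" command.

```python
import re

# Constructed sample syslog lines in the style of PIX command logging (not taken
# from the original post); the message id and user are placeholders.
SAMPLE_SYSLOG = """\
Feb  6 10:01:12 pix %PIX-5-111008: User 'admin' executed the 'debug packet outside dst 10.1.1.5' command.
Feb  6 10:01:40 pix %PIX-5-111008: User 'admin' executed the 'debug packet outside dst 69..0 netmask' command.
Feb  6 10:02:03 pix %PIX-5-111008: User 'admin' executed the 'no debug packet' command.
"""

# Arguments of a 'debug packet' command, up to the closing quote of the logged command.
DEBUG_PACKET_RE = re.compile(r"debug packet\s*(?P<args>[^']*)")
DOTTED_QUAD = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")

# Keywords whose next token must be a dotted-quad IPv4 address (simplified view of
# the PIX syntax: if_name [src ip [netmask m]] [dst ip [netmask m]] ...).
ADDRESS_KEYWORDS = ("src", "dst", "netmask")


def is_ipv4(token):
    """True only for a well-formed dotted quad; '69..0' and '69.0' both fail."""
    match = DOTTED_QUAD.match(token)
    return bool(match) and all(0 <= int(octet) <= 255 for octet in match.groups())


def check_debug_packet(args):
    """Return a list of syntax problems found in a 'debug packet' argument string."""
    tokens = args.split()
    problems = []
    for idx, tok in enumerate(tokens):
        if tok not in ADDRESS_KEYWORDS:
            continue
        if idx + 1 >= len(tokens):
            problems.append(f"'{tok}' has no value")
        elif not is_ipv4(tokens[idx + 1]):
            problems.append(f"'{tok}' value {tokens[idx + 1]!r} is not an IPv4 address")
    return problems


def scan_syslog(text):
    """Return (line number, argument string, problems) for each malformed debug packet command."""
    flagged = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = DEBUG_PACKET_RE.search(line)
        if match is None:
            continue
        problems = check_debug_packet(match.group("args"))
        if problems:
            flagged.append((lineno, match.group("args"), problems))
    return flagged
```

Running scan_syslog(SAMPLE_SYSLOG) flags only the second line, reporting both the "69..0" destination and the bare "netmask" keyword.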
