debug packet syntax error hosed my PIX?

Discussion in 'Cisco' started by googlenews, Feb 6, 2006.

  1. googlenews

    googlenews Guest

    This is insane... we thought our network was being DDoS'ed today with
    half-open SYN connections to all our webservers, but reviewing the
    syslogs from just before things went haywire, it looks like we may have
    DoS'ed ourselves with bad syntax in the "debug packet" command.

    Syslog shows some valid debug packet:

    debug packet outside dst 192.168.1.1

    then there's this one:

    debug packet outside dst 69..0 netmask 255.255.255.0

    Yes, "69..0 netmask 255.255.255.0"

    CPU almost immediately went to 99%, and our IDSes showed a bunch of
    half-open SYN connections.

    I'm afraid to test this in production again, but has anyone seen this
    before? Any comments (aside from the usual: check your syntax,
    Stupid)? :)

    Joe
     
    googlenews, Feb 6, 2006
    #1

  2. I think your PIX thinks that you are trying to mix an IPv6 address (69..0) with
    an IPv4 subnet mask. Yes, it could be ugly and unpredictable.

    Good luck,

    Mike
    www.ciscoheadsetadapter.com
     
    CiscoHeadsetAdapter.com, Feb 7, 2006
    #2
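A pre-flight check for the situation in the original post, added here as an example and not code from the thread or from Cisco: before a "debug packet" line is pasted into a production firewall, every argument that should be an IPv4 address is validated as a strict dotted quad, so a typo like "69..0" is caught on the admin's workstation rather than on the PIX. The keyword list (src, dst, netmask) is an assumption drawn from the two command forms quoted above, not the full PIX grammar; the sample commands are constructed from the post.

```python
import ipaddress
import re

# Constructed from the original post: the first command was accepted, the second
# (with the malformed "69..0") preceded the CPU spike.
SAMPLE_COMMANDS = [
    "debug packet outside dst 192.168.1.1",
    "debug packet outside dst 69..0 netmask 255.255.255.0",
]

# Keywords whose next token must be a dotted-quad IPv4 value. Assumption based on
# the command forms in the thread; other keywords are passed through unchecked.
ADDRESS_KEYWORDS = {"src", "dst", "netmask"}

# Strict dotted quad: exactly four 1-3 digit groups, so "69..0" never matches.
DOTTED_QUAD = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def check_address(keyword: str, value: str) -> str:
    """Return an error string for a bad address/mask value, or '' if it is fine."""
    if not DOTTED_QUAD.match(value):
        return f"{keyword}: '{value}' is not a dotted-quad IPv4 address"
    try:
        if keyword == "netmask":
            # Rejects octets > 255 and non-contiguous masks such as 255.255.0.255.
            ipaddress.IPv4Network(f"0.0.0.0/{value}", strict=False)
        else:
            ipaddress.IPv4Address(value)  # rejects octets > 255
    except ValueError:
        return f"{keyword}: '{value}' is not a valid IPv4 {keyword}"
    return ""


def check_debug_packet(command: str) -> list:
    """Return the list of problems in a 'debug packet' command; empty means it passed."""
    tokens = command.split()
    if tokens[:2] != ["debug", "packet"]:
        return ["not a debug packet command"]
    if len(tokens) < 3:
        return ["missing interface name"]
    problems = []
    i = 3  # tokens[2] is the interface name
    while i < len(tokens):
        keyword = tokens[i]
        if keyword not in ADDRESS_KEYWORDS:
            i += 1
            continue
        if i + 1 >= len(tokens):
            problems.append(f"{keyword}: missing value")
            break
        error = check_address(keyword, tokens[i + 1])
        if error:
            problems.append(error)
        i += 2
    return problems


def lint(commands) -> dict:
    """Map each command to its list of problems, for review before a change window."""
    return {cmd: check_debug_packet(cmd) for cmd in commands}


if __name__ == "__main__":
    for cmd, probs in lint(SAMPLE_COMMANDS).items():
        print(cmd, "->", probs or "OK")
```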
