debug packet syntax error hosed my PIX?

This is insane... we thought our network was being DDoS'ed today with half-open SYN connections to all our webservers, but reviewing syslogs just before things went haywire it looks like we may have DoS'ed ourselves with bad syntax in the "debug packet" command.

Syslog shows some valid debug packet:

debug packet outside dst 192.168.1.1

then there's this one:

debug packet outside dst 69..0 netmask 255.255.255.0

Yes, "69..0 netmask 255.255.255.0"

CPU almost immediately went to 99%, and our IDSes showed a bunch of half-open SYN connections.

I'm afraid to test this in production again, but has anyone seen this before? Any comments (aside from the usual: check your syntax, Stupid)? :)

Joe
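The thread's point is that a malformed address argument to `debug packet` showed up only in syslog after the CPU had already spiked. The following script is an added example, not code from the original post or from Cisco: it scans command-audit log lines for `debug packet` commands and flags arguments that are not valid dotted-quad addresses or contiguous netmasks, so the bad line is caught before (or at least alongside) the symptom. The sample log is constructed here; the two `debug packet` commands in it are the ones quoted in the post, while the surrounding syslog framing (host name, message wording) is made up and only loosely modelled on PIX command logging.

```python
import re
import ipaddress

# Constructed sample log excerpt: the two 'debug packet' commands are the ones quoted in
# the thread; the surrounding syslog framing (hostname, message wording) is invented here.
SAMPLE_LOG = """\
Mar 12 10:02:11 pix-fw : User 'admin' executed the 'debug packet outside dst 192.168.1.1' command.
Mar 12 10:02:40 pix-fw : User 'admin' executed the 'debug packet outside dst 69..0 netmask 255.255.255.0' command.
Mar 12 10:03:01 pix-fw : User 'admin' executed the 'show cpu usage' command.
"""

# Match a 'debug packet' command up to a closing quote or end of line.
DEBUG_PACKET_RE = re.compile(r"debug packet\b[^'\n]*")

# Keywords whose next token must be a dotted-quad IPv4 address.
ADDRESS_KEYWORDS = {"src", "dst"}


def is_contiguous_mask(mask: ipaddress.IPv4Address) -> bool:
    """True when the mask is a run of 1-bits followed by 0-bits (e.g. 255.255.255.0)."""
    inverted = (~int(mask)) & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, which has no bit in common with itself + 1.
    return inverted & (inverted + 1) == 0


def check_debug_packet(cmd: str) -> list[str]:
    """Return the syntax problems found in one 'debug packet' command (empty if clean)."""
    problems = []
    tokens = cmd.split()
    for i, tok in enumerate(tokens):
        if tok not in ADDRESS_KEYWORDS and tok != "netmask":
            continue
        if i + 1 >= len(tokens):
            problems.append(f"'{tok}' has no argument")
            continue
        arg = tokens[i + 1]
        try:
            addr = ipaddress.IPv4Address(arg)  # rejects things like '69..0'
        except ValueError:
            problems.append(f"'{tok} {arg}': not a valid IPv4 address")
            continue
        if tok == "netmask" and not is_contiguous_mask(addr):
            problems.append(f"'netmask {arg}': not a contiguous mask")
    return problems


def audit_log(log_text: str) -> list[tuple[str, list[str]]]:
    """Find every 'debug packet' command in the log and pair it with its problems."""
    results = []
    for m in DEBUG_PACKET_RE.finditer(log_text):
        cmd = m.group(0).strip()
        results.append((cmd, check_debug_packet(cmd)))
    return results


if __name__ == "__main__":
    for cmd, problems in audit_log(SAMPLE_LOG):
        status = "OK " if not problems else "BAD"
        print(f"{status} {cmd}")
        for p in problems:
            print(f"      - {p}")
```

Run against the sample, the first command passes and the second is flagged for `dst 69..0`. The same check works as a pre-commit gate on a change-management script or as a syslog watch rule; the key design choice is to validate the operator-typed arguments with the standard library's address parser rather than a hand-written regex, which is exactly the kind of check the firewall itself did not perform here.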


I think your PIX thinks that you are trying to mix an IPv6 address (69..0) with an IPv4 subnet mask. Yes, it could be ugly and unpredictable.

Good luck,

Mike

