This is insane... we thought our network was being DDoS'ed today with half-opened SYN connections to all our webservers, but reviewing syslogs just before things went haywire, it looks like we may have DoS'ed ourselves with bad syntax in a "debug packet" command.
Syslog shows some valid debug packet commands:
debug packet outside dst 192.168.1.1
then there's this one:
debug packet outside dst 69..0 netmask 255.255.255.0
Yes, "69..0 netmask 255.255.255.0"
CPU almost immediately went to 99%, and our IDSes showed a bunch of half-open SYN connections.
I'm afraid to test this in production again, but has anyone seen this before? Any comments (aside from the usual: check your syntax, Stupid)? :)
Joe