cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
345
Views
0
Helpful
1
Replies

smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any pred

Dr.X
Level 2
Level 2

Hello Cisco Team , 

 

we have Cisco 3560 with logs below, wondering if its DOS attack or SMI bug exploitation trial?

During logs below, the CPU is 100 % and constable SW .

3560G#sh version
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 21-Apr-10 05:33 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02E00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

3560G uptime is 5 days, 2 hours, 7 minutes
System returned to ROM by power-on
System image file is "flash:/c3560-ipservicesk9-mz.122-53.SE2.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560G-48TS (PowerPC405) processor (revision D0) with 131072K bytes of memory.
Processor board ID FOC1245W1F1
Last reset from power-on
26 Virtual Ethernet interfaces
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3560G-48TS 12.2(53)SE2 C3560-IPSERVICESK9-M


Configuration register is 0xF

------------------------------------------

Logs are below :


Could be an attack, closing connection
*Mar 5 1993 07:25:07 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:25:07 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:25:07 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:25:08 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:25:08 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:25:08 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:25:08 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:25:51 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 07:52:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr_cont:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:49 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:13:50 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:14:32 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 08:21:06 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr_cont:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 09:58:27 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr_cont:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:47:53 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:48:11 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined
Could be an attack, closing connection
*Mar 5 1993 11:48:18 GMT+3: VSTACK_ERR:
smi_socket_recv_read_hdr:!!!Msg_hdr type is not matching with any predefined



1 Reply 1

Dr.X
Level 2
Level 2

Can i just disable the VSTACK and ports be closed instead ?

tried with :

no vstack director
no vstack



show vstack config
Role: Client
Vstack Director IP address: 0.0.0.0

*** Following configurations will be effective only on director ***
Vstack default management vlan: 1
Vstack management Vlans: none