PIX 515E memory leakage issue under Nachi ICMP ping

hon-cheong.wong
Level 1

I work with a PIX 515E restricted bundle (i.e. 32 MB RAM and 3 interfaces). Recently I found a large amount of ICMP traffic from two to three workstations on the outside interface (the regional office) to my inside network (an access-list has already been added on the outside to deny ICMP ping). After detailed checking, the problem may be caused by the connection cache information in the PIX. Based on Cisco's recommendation, I changed the connection timeout to 30 minutes, but the problem still occurs if a certain number of continuous ICMP pings are issued from the outside network.

Is there any method I can use to resolve this issue, as the PIX seems too powerful to be troubled by such a small number of DDoS workstations (2 to 3 workstations only)?

2 Replies

nkhawaja
Cisco Employee

Hi,

Why don't you fix those 3 PCs? You can create an access-list to block the ICMP traffic!

You can also use the "ip verify unicast reversepath inside" command to block spoofed traffic.

No matter how powerful a PIX you have, these attacks can generate an excessive amount of traffic towards the inside/outside networks and can choke the Internet link as well as any device in between. If the packets are not blocked on the interface, the device is obliged to process them, which drives up CPU utilization.

Thanks

Nadeem

Hi nkhawaja,

There is an operational issue with fixing those 3 PCs, as they are controlled by the Corp's administrator and I can only provide advice and notify them of the issue. Besides, I have applied an access-list to deny all ICMP echo and echo-reply (excluding some administration nodes).

Thanks for your recommendation on the command; I will try it to check whether performance improves.

Also, I checked the configuration of the PIX (the PIX was configured by another party and I just provide the ongoing O&M role). For the issue I found, one abnormal observation stands out: the attack can cause the free memory to drop from 12 MB to several hundred kilobytes while CPU utilization remains low, and the memory can sometimes be released if I apply the command CLEAR XLATE.

Can any other recommendation be provided besides the above command? Thanks in advance.
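The thread above names the controls (an ICMP access-list on the outside interface, unicast reverse-path checking, a shorter connection timeout, clear xlate) without showing the PIX syntax. The fragment below is an added example written for this page, not configuration from either poster or from Cisco documentation of this case. It assumes interface names "outside" and "inside", an access-list named outside_in, and an administration host 10.0.0.10 that must still be able to ping through; these names and addresses are invented for illustration. On PIX 6.x the reverse-path command is spelled "ip verify reverse-path interface <if_name>". Lines beginning with "!" are annotations for the reader; the PIX CLI itself does not accept them.

```text
! Added example for this page (not the thread's configuration). PIX 6.x syntax.
! Assumed names: interfaces "outside"/"inside", ACL "outside_in",
! administration host 10.0.0.10 (all hypothetical).

! 1. Drop ICMP echo and echo-reply arriving on the outside interface, except from
!    the administration host. A packet denied by the access-group is reported in
!    syslog message 106023, which records the source address and ICMP type, so the
!    offending workstations can be identified from the log.
access-list outside_in permit icmp host 10.0.0.10 any echo
access-list outside_in permit icmp host 10.0.0.10 any echo-reply
access-list outside_in deny icmp any any echo
access-list outside_in deny icmp any any echo-reply
! ... permit statements for the legitimate regional-office traffic go here ...
access-group outside_in in interface outside

! 2. Unicast reverse-path check: a packet is dropped when its source address does
!    not route back out through the interface it arrived on. Applied on the
!    outside interface it discards packets spoofed with inside addresses; on the
!    inside interface it stops inside hosts from spoofing.
ip verify reverse-path interface outside
ip verify reverse-path interface inside

! 3. Shorter idle timers so stale translations and connections are released
!    sooner (PIX defaults are xlate 3:00:00 and conn 1:00:00). 0:30:00 for conn is
!    the value the original poster reports trying; the xlate value is an example
!    setting chosen here because the poster sees memory return after clear xlate.
timeout xlate 0:30:00
timeout conn 0:30:00

! 4. Checks to run while the flood is in progress, before and after "clear xlate":
!    show memory        free and used memory
!    show blocks        buffer block pools (LOW column shows exhaustion)
!    show xlate count   number of active translations
!    show conn count    number of active connections
!    show cpu usage
```

The useful comparison is the xlate count and free memory from step 4 taken before and after the access-list is applied: if the translation count no longer climbs while the outside hosts keep pinging, the ICMP is being dropped at the interface rather than consuming translation slots.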
