
Switch 3750-X Vulnerability

rezende.c
Level 1

Hi all,

I had a bad experience with the Switch 3750-X. Because of a security auditing process, my customer ran software called "Nessus" to do a vulnerability scan of the network. When this software is pointed at the switch, the process of the switch goes to nearly 100% and it resets. The software only listens on the ports to see which ports are open, and the switch should not reset because of this.

Below is the log of the switch at the moment of the test; we note that the 'HTTP' process rises moments before the switch resets. I disabled the HTTP service on the switch but the problem persists. The test was made with only one machine connected to the switch.

I opened a case with TAC more than 2 months ago and until now, no solution.

Does somebody have an idea?

regards,

Claudio

      44999997777744444333331111111111          111113333333333333
      335555566666555550000033333222228888899999111116666677777444
  100   *****
   90   *****
   80   **********
   70   **********
   60   **********
   50   ***************
   40 *****************                              **********
   30 **********************                         ***********
   20 **********************                         ***********
   10 **********************************************************
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)

SW-CORE#sh processes cpu
CPU utilization for five seconds: 29%/0%; one minute: 36%; five minutes: 28%

284       21629        4487       4820 50.55% 19.24%  5.36%   0 HTTP CORE


glen.grant
VIP Alumni

Sorry, I think only the TAC and the developers could answer something like that; it's a code execution issue.

Leo Laohoo
Hall of Fame

What IOS is the 3750X running on?

Do you have an ACL enabled?  If you don't, then you need to consider this.

hobbe
Level 7

Very very interesting.

What IOS version and type (lan/ipbase/services)?

What IP address did you point at?

Was it an address on the switch or the management port?

Was HTTPS also stopped or just HTTP?

This is a big thing if it works the way you have explained.

Have you tried to set access-lists to not allow traffic to that IP/port (as Leo suggested)? Does it work?

Is this reproducible from another subnet or just the same subnet as the switch IP is in?

Any other information you can supply us with?

/Hobbe

Hi Rezen,

I guess the 3750 is running the old IOS 12.2(44)SE1 or an older IOS? Please let me know what IOS version is running on that switch.

Please do rate if the given info helps.

By

Karthik
