Vulnerability: CISCO
Affected: CISCO

Description:
Andrew Lancashire found the following. He ran nmap with ICMP discovery and a standard TCP scan against the entire 10.0.0.0 network range. Although we were only looking for 2 ports, he found that the RSM in our 5500 series (his default route) was running out of memory and had to be rebooted by our Network Services group multiple times in the 18-hour stretch it took to complete. One of the interesting things is that he was only generating about 3-5 Mb/s, and the 5500 can pass gigabits.

Cisco was able to reproduce the problem in their labs, but only under specific conditions. At this point, the customer has not been able to confirm or deny the configuration items in effect during this problem. Essentially, what they found was that if fast switching was in use, and if there are multiple equal-cost routes for the same destination, the router will install host routes for each destination to ensure load balancing across equal-cost paths. Under these conditions, scanning an entire class A network will use up all of the router's memory in short order.

Solution:
To avoid this problem, it is recommended to use CEF (Cisco Express Forwarding), which handles equal-cost paths differently from, and more efficiently than, the fast switching model detailed above. CEF is available in IOS version 12.0 for most platforms.
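The following IOS CLI session is an added example, not part of the original report or of Cisco's own documentation. It shows how to check a router for the two conditions named above (fast switching in use, plus equal-cost routes for the scanned destination), what to watch while a scan is running, and the corrected configuration with CEF enabled. The interface names (Vlan10), addresses (192.0.2.x) and the pair of static equal-cost routes for 10.0.0.0/8 are assumptions for illustration; the report does not say how the equal-cost paths were learned.

```cisco
! Added example (not from the original report). Names, addresses and the
! static ECMP routes below are assumed for illustration.

! --- Check 1: are there equal-cost paths for the scanned range?
! Two "via ..." lines under the same prefix mean ECMP is in effect.
Router# show ip route 10.0.0.0

! --- Check 2: which switching path does the ingress interface use?
! Look for "IP fast switching is enabled" together with
! "IP CEF switching is disabled" (or no CEF line at all on older images).
Router# show ip interface Vlan10

! --- Check 3 (while a scan is running): is the route cache growing one
! entry per scanned host, and is free memory falling with it?
Router# show ip cache
Router# show memory summary

! --- Vulnerable configuration: fast switching (the IOS default on most
! interfaces) with no CEF and two equal-cost routes for the /8.
interface Vlan10
 ip address 192.0.2.254 255.255.255.0
 ip route-cache
!
ip route 10.0.0.0 255.0.0.0 192.0.2.1
ip route 10.0.0.0 255.0.0.0 192.0.2.2

! --- Corrected configuration: enable CEF globally. CEF keeps one FIB entry
! per prefix and load-shares across the equal-cost next hops from that entry,
! so a sweep of the /8 no longer creates a cache entry per destination host.
configure terminal
 ip cef
end

! --- Verify that CEF is active and that the /8 is a single FIB entry with
! both next hops attached.
Router# show ip cef summary
Router# show ip cef 10.0.0.0 255.0.0.0 detail
Router# show ip interface Vlan10
```

The report's own statement is that the problem needs both fast switching and equal-cost routes; where CEF is not available for a platform, removing either condition (a single path for the range, or `no ip route-cache` on the interface, which forces process switching and costs considerably more CPU under a scan) also avoids it. After enabling CEF, `clear ip cache` discards any host entries the fast-switching cache already accumulated.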