From: tarkhil@over.ru [mailto:tarkhil@over.ru]> On Wed, Aug 20, 2003 at 01:12:51PM +0400, tarkhil@over.ru wrote: > > 10-20 minutes of work. New processes doesn't create anymore, processtrying> > to fork looks in top having -20 PRI and "temp" STATE. I was unable tofind> > I've got infected computers in my network. When ipnat mapping > table grew to > 39000+ entries, described effect appeared. > > Anyway, it should not behave that way.Should it? Worms are known to be a NAT killer on dedicated routing platforms. I am facing customers every other day complaining about their Cisco router performance which usually turns out to be caused by virii. (In particular these days.) Sure it shouldn't be, but that's fighting the symptom, not the root cause. Helge
Alex Povolotsky
2003-Aug-21 03:03 UTC
Strange fork-related problem: acutally, virus-related
On Wed, 20 Aug 2003 22:07:43 +0200 "Oldach, Helge" <Helge.Oldach@atosorigin.com> wrote: OH> > OH> > Anyway, it should not behave that way. OH> OH> Should it? Worms are known to be a NAT killer on dedicated routing OH> platforms. I am OH> facing customers every other day complaining about their Cisco OH> router performance OH> which usually turns out to be caused by virii. (In particular these OH> days.) It, speaking RFC-like, MUST NOT hang the computer. It MUST issue diagnostics like "NAT state table overflow, disabling NAT for 192.168.0.104", or just "NAT state table overflow" before hanging. I've spend about a workday fighting that problem... But I SHOULD ask about it in ipfilter's mailing list... -- Alex.