Guest

Preview Tool

Cisco Bug: CSCtb48915 - Established Flood attack on port 1000/1004/65000 - TCC runs out off FDs

Last Modified

Jan 30, 2017

Products (1)

  • Cisco ONS 15454 Series Multiservice Provisioning Platforms

Known Affected Releases

9.00 9.10

Description (partial)

Symptom: Closing or ESTABLISH scans on TCP ports 1000, 1004 and 65000 can run out system resources and there by impact the normal functionining of the system.
The impacted functions can include 
1. Cannot open new management sessions (CTC, TL1 etc)
2. File operations fails such as reading from the flash.
3. Line card plug out/plug in will fail as TCC will not be able to get the bins from the flash.

Conditions: System runs out of FDs when an scan is performed on TCP ports 1000, 1004 or 65000. netstat Show debug command may show a lot of sockets opened on the above mentioned ports.
1000 and 1004 are RPC sockets opened for NFS mount for Enchanced diagnostics.
65000 is used for Psuedo IOS connections.
Issue seen only on R9.00 and R9.01.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.