Re: Three possible DoS attacks against some IOS versions.

From: Felix Lindner (felix.lindnerat_private)
Date: Sat Jun 08 2002 - 02:21:40 PDT


    Sharad Ahlawat wrote:
    > an excerpt from RFC 2281 - Cisco HSRP
    > 
    > 7. Security Considerations
    [SNIP]
    >  It is difficult to subvert the protocol from outside the
    >  LAN as most routers will not forward packets addressed to the
    >  all-routers multicast address (224.0.0.2).
    
    This does not prevent remote attacks because Cisco devices do not
    validate the destination address of an HSRP packet. Unicast packets are
    accepted, which can be tested using the hsrp tool at
    http://www.phenoelit.de/irpas/ 
    
    Regards
    /F
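
Added example, not part of the original message: a detection-side check that flags HSRP packets (UDP port 1985) whose destination is not 224.0.0.2 or whose TTL is not 1, the two delivery properties RFC 2281 specifies. The function names are hypothetical, and the sample packets are constructed in memory with documentation addresses.

```python
import socket
import struct

HSRP_PORT = 1985            # UDP port used by HSRP (RFC 2281)
ALL_ROUTERS = "224.0.0.2"   # the only destination RFC 2281 specifies
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}


def build_sample(src, dst, ttl, opcode=0):
    """Constructed IPv4/UDP/HSRP packet for testing the check (checksums left 0)."""
    # version, opcode, state, hellotime, holdtime, priority, group, reserved,
    # 8-byte authentication data, 4-byte virtual IP address
    hsrp = struct.pack("!8B8s4s", 0, opcode, 16, 3, 10, 100, 1, 0,
                       b"cisco\0\0\0", socket.inet_aton("192.0.2.1"))
    udp = struct.pack("!HHHH", HSRP_PORT, HSRP_PORT, 8 + len(hsrp), 0) + hsrp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp


def check_hsrp(packet):
    """Return None for non-HSRP input, else a dict including a list of findings.

    `packet` is a raw IPv4 packet with the link-layer header already removed.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8 + 20:
        return None                      # not UDP, or too short for HSRP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # non-first fragment: no UDP header
    if struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] != HSRP_PORT:
        return None
    dst = socket.inet_ntoa(packet[16:20])
    findings = []
    if dst != ALL_ROUTERS:
        findings.append("destination is not 224.0.0.2")
    if packet[8] != 1:
        findings.append("TTL is not 1")
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": dst,
            "opcode": OPCODES.get(packet[ihl + 9], "unknown"),
            "findings": findings}


if __name__ == "__main__":
    for pkt in (build_sample("192.0.2.2", ALL_ROUTERS, 1),
                build_sample("198.51.100.7", "192.0.2.2", 54)):
        print(check_hsrp(pkt))
```

Any packet that produces a non-empty findings list arrived in a way RFC 2281 does not describe, which is the case the reply above says the device itself does not reject.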
    


