Re: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover

From: Richard Johnson (rdumpat_private)
Date: Thu Jul 24 2003 - 13:29:57 PDT

Next message: Dave Paris: "Re: Port 0 packets"

Previous message: Salvatore Poliandro: "Re: Port 0 packets"
In reply to: Cedric Blancher: "RE: [Full-Disclosure] Re: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article 
<1059029372.1180.7.camelat_private-securite.net>,
 Cedric Blancher <blancher@cartel-securite.fr> wrote:

> I checked this and it appears packets have to be addressed to target
> router. Transit evil packets which TTL would expire on a router won't
> affect it.

Our networking guys say that TTL expiry inbound or outbound from a 
vulnerable router may only cause queue fillup when using PIM packets.  
(I'd test directly before posting, but multicast is enabled on all our 
Ciscos.)

If no-one can confirm a failure en passant, then I'd say directly 
addressing the router's IP is required.

Richard

-- 
My mailbox. My property. My personal space. My rules. Deal with it.
                        http://www.river.com/users/share/cluetrain/

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Dave Paris: "Re: Port 0 packets"
Previous message: Salvatore Poliandro: "Re: Port 0 packets"
In reply to: Cedric Blancher: "RE: [Full-Disclosure] Re: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 10:31:48 PDT