On Fri, Jul 18, 2003 at 03:05:21PM -0400, Michael Scheidell wrote: > > > > > > The attached plugin will supposedly block the interface of a CISCO > > router vulnerable to the widely publicized vulnerability. I did not test > > it, and I don't plan to officially include it (it's redundant with > > cisco_ipv4_dos.nasl which is non-intrusive). As such, its description > > should not be taken too seriously. > > but, then again, one of the problems with just relying on the snmp OS > string, or in the case of 'banners', (smtp banners, netbios registry > entries) is that we truly don't do the test. > > In the case of this one, yes, its a LOT more intrusive than say, just > KILL_HOST (more like KILL_NET ;0) but should not it be included? I mean, > there are those other cisco snmp DOS's that will KILL_NET and those are in > the standard distribution. The main issue in that case is that it does not kill the router, it kills its ability to forward packets. ie: AFAIK, it continues to respond after the attack (I may be wrong though, as I did not test it). -- Renaud
This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 12:11:29 PDT