On Fri, 18 Jul 2003, Renaud Deraison wrote:

> The attached plugin will supposedly block the interface of a CISCO
> router vulnerable to the widely publicized vulnerability. I did not test
> it,

I've done some tests against Catalyst 2950 with IOS 12.1(11)EA1 (isn't IOS version numbering wonderful?). 2950 is no router but its admin interface should handle packets the same way all other IOS devices do.

I had to increase the number of transmitted packets: 42 (as well as 100 or 200) loop iterations did nothing but 500 iterations appeared to be sufficient to make the switch's admin interface completely unresponsive. No ping (in either direction), no telnet, nothing.

As far as I understand it, the loss of switch/router's own connectivity is supposed to be the primary effect of the attack, and the ability to forward packets is lost when ARP entries time out and the device is unable to refresh them.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Mon Jul 21 2003 - 07:45:10 PDT