Security Basics mailing list archives
Re: Cisco Workaround
From: "Kurt Seifried" <bt () seifried org>
Date: Wed, 23 Jul 2003 23:10:31 -0600
No. The attack requires N+1 attack packets. N=size of queue, which by default is 75. The packets can be any of the four protocols (i.e. all of one type, half of one, half of another, etc.). It has also been reported that some other protocols work for this attack, but this has not been confirmed. Read the Cisco advisory, it's quite clear on this.

You can either:

1) upgrade your software
2) firewall these four classes of packets
3) firewall access to the IP's bound to the interfaces (*)

* it has also been reported that packets that timeout, i.e. TTL = 0 in the queue can be used to execute the attack.

1 is of course the optimal solution as it _fixes_ the problem.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/