Security Basics mailing list archives
Re: Cisco Workaround
From: igenge2 () csc com au
Date: Thu, 24 Jul 2003 15:03:11 +0800
Hello Doug,
I don't think you have to put all the access-list in. I believe that the hack requires a certain combination of packets to the four ports, so leaving one or two of them open should still prevent the hack.
Firstly, remember that these are IP protocols we are referring to, not TCP/UDP ports. Secondly, we have confirmed that the DoS can be performed using any one of the protocols. So if, for example, you block three of the protocols and leave protocol 53 open you are still toast. Ian Genge __________________________________________________ Senior Network Engineer CSC --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Cisco Workaround, (continued)
- Re: Cisco Workaround Kurt Seifried (Jul 24)
- RE: Cisco Workaround David Gillett (Jul 24)
- RE: Cisco Workaround Wolfpaw - Dale Corse (Jul 24)
- RE: Cisco Workaround Byrne Ghavalas (Jul 24)
- Re: Cisco Workaround john (Jul 24)
- Re: Cisco Workaround joshua sahala (Jul 24)
- Re: Cisco Workaround Jac (Jul 24)
- Re: Cisco Workaround Kurt Seifried (Jul 24)
- Re: Cisco Workaround Luis Enrique Londono (Jul 23)
- Re: Cisco Workaround bryan_khoo (Jul 24)
- RE: Cisco Workaround dave kleiman (Jul 24)
- Re: Cisco Workaround igenge2 (Jul 24)
- Re: Cisco Workaround Stephane Nasdrovisky (Jul 24)
- RE: Cisco Workaround Jofre, Sebastian (Jul 24)
- RE: Cisco Workaround Tim Donahue (Jul 28)
- RE: Cisco Workaround Ghaith Nasrawi (Jul 28)
- RE: Cisco Workaround Noonan, Wesley (Jul 28)
- RE: Cisco Workaround Martin, Olivier (Jul 28)
- Re: Cisco Workaround joshua sahala (Jul 28)
- RE: Cisco Workaround Ghaith Nasrawi (Jul 29)
- Re: Cisco Workaround stephane nasdrovisky (Jul 29)
- Re: Cisco Workaround Jac (Jul 30)
- Re: Cisco Workaround stephane nasdrovisky (Jul 29)
(Thread continues...)