Bugtraq mailing list archives
Re: Widespread Router Access Port DoS
From: mr_joej () HOTMAIL COM (Mr. joej)
Date: Fri, 5 Feb 1999 04:08:07 PST
I believe there is some clarification to your 'DoS' that should be stated. What versions of Cisco IOS are you referring to? But either way you are referring to 2 separate, possibly 3 separate features of Cisco IOS.

Port 23 (telnet obviously) spawns a 'virtual terminal' when it receives a connection. This can be protected from 'unauthorized' access by an ACL. Instead of applying an interface specific ACL, you should place one in the actual Line VTY config.

Regarding ports 2001, 4001, 6001, and 9001. Those are all 'reverse telnet' ports for the AUX port. In my experience I have seen several routers that do have this misconfigured, however a DoS attack against this port is of no importance. The simple fix is to apply 'transport input none' to the aux port. And if the administrator actually knows what he is doing, and needs reverse telnet ability to the router's AUX port, once again an ACL can be applied to only allow specific access.

I agree that if the reverse telnet to the AUX is used, it can be tied up, just by connecting to one of the ports 2001, 4001 ... and no other port will answer a connection (assuming no ACL is installed). However, currently I do not consider what you have stated a DoS attack. I have not seen any router 'reboot' from anything you have stated. Please post more information to clarify.

joej
Mr_JoeJ () hotmail com

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
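The two fixes the post recommends (an inbound access-class on the VTY lines, and `transport input none` on the AUX line, or an access-class there if reverse telnet is really needed) are easy to check for in a saved `show running-config`. The following is an added example, not code from the post or from Cisco: it embeds a constructed weak configuration next to a constructed hardened one and a small audit routine that parses the IOS `line` stanzas and reports lines that accept inbound connections without an ACL. The management subnet 192.0.2.0/24 and ACL number 10 are placeholders; the parser assumes the usual IOS layout where sub-commands are indented by one space under their `line` header.

```python
"""Audit Cisco IOS 'line' stanzas for unprotected VTY and AUX access.

Added example (not from the original post). Input is an IOS-style running
configuration as text; the two sample configs below are constructed.
"""
import re

# Constructed sample of the weak state described in the post: the AUX port is
# reachable via reverse telnet (the 2001/4001/6001/9001 family) with no ACL,
# and the VTY lines have no access-class, so anyone who can reach port 23
# gets a virtual terminal.
WEAK_CONFIG = """\
line con 0
line aux 0
 transport input all
line vty 0 4
 login
 transport input telnet
"""

# Constructed sample of the recommended fix: 'transport input none' on the
# AUX line (reverse telnet not needed here) and an inbound access-class on
# the VTY lines so only the management subnet (placeholder 192.0.2.0/24)
# can open a virtual terminal.
HARDENED_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any log
line con 0
line aux 0
 transport input none
line vty 0 4
 access-class 10 in
 login
 transport input telnet
"""

LINE_RE = re.compile(r"^line (\S+)(?: (\S+))?(?: (\S+))?\s*$")


def parse_lines(config):
    """Return {line_name: [sub-commands]} for every 'line ...' stanza.

    Top-level commands that are not 'line' headers (access-lists, interfaces)
    end the current stanza; indented lines belong to the most recent header.
    """
    stanzas = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw.startswith(" "):
            m = LINE_RE.match(raw)
            current = " ".join(p for p in m.groups() if p) if m else None
            if current is not None:
                stanzas[current] = []
            continue
        if current is not None:
            stanzas[current].append(raw.strip())
    return stanzas


def audit(config):
    """Return a list of findings (strings) about VTY/AUX exposure.

    A line is flagged when inbound transport is not 'none' (an absent
    'transport input' is treated as reachable, since the IOS default is
    not 'none') and no inbound access-class restricts who may connect.
    """
    findings = []
    for name, cmds in parse_lines(config).items():
        transport = next(
            (" ".join(c.split()[2:]) for c in cmds if c.startswith("transport input ")),
            "default",
        )
        has_acl = any(c.startswith("access-class ") and c.endswith(" in") for c in cmds)
        if transport == "none" or has_acl:
            continue
        if name.startswith("aux"):
            findings.append(f"line {name}: reverse telnet reachable ({transport}) with no access-class")
        elif name.startswith("vty"):
            findings.append(f"line {name}: no inbound access-class on virtual terminal lines")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit(cfg) or ['no findings']}")
```

Run it against a real config by reading the file into `audit()`; the weak sample yields one finding for `aux 0` and one for `vty 0 4`, the hardened sample yields none. The check is deliberately conservative about a missing `transport input`, which is the case the post calls misconfigured: an AUX line that was never touched still answers reverse telnet.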