nanog mailing list archives

RE: Cisco vulnerability on smaller catalyst switches

From: "Steve Rude" <steve () skyriver net>
Date: Fri, 18 Jul 2003 17:07:58 -0700

As part of our vulnerability tests, we have been unable to confirm

that

the smaller catalyst switches running IOS but without L3 capability

are

vulnerable.  They don't seem to react in a negative way to the same
attacks that lock up the other devices we have tested.  Has anyone

else

been able to verify this one way or the other?


I tested Catalyst 2924-XL-EN with 12.0(5)WC5a and I found that without
L3 capability it does not seem to be affected.  But with L3
connectivity, if you direct the attack at the VLAN1 interface it is
definitely susceptible. 

I've tested 12.0(5)WC8 and it has the fix.

--steve

Current thread:

Cisco vulnerability on smaller catalyst switches Chris Griffin (Jul 18)
- Re: Cisco vulnerability on smaller catalyst switches Petri Helenius (Jul 18)
- <Possible follow-ups>
- RE: Cisco vulnerability on smaller catalyst switches McBurnett, Jim (Jul 18)
- RE: Cisco vulnerability on smaller catalyst switches Steve Rude (Jul 18)
  - Re: Cisco vulnerability on smaller catalyst switches Haesu (Jul 18)
- RE: Cisco vulnerability on smaller catalyst switches Steve Rude (Jul 18)