nanog mailing list archives
Re: TCP-ACK vulnerability (was RE: SSH on the router)
From: "Alexei Roudnev" <alex () relcom net>
Date: Wed, 9 Jun 2004 23:32:43 -0700
This is minor exploit - usually you set up VLAN1 interface with IP addres, which is filterd out from outside. Moreover, there is not any good way to find switch IP - it is transparent for user's devices.
On Mon, 7 Jun 2004, McBurnett, Jim wrote:Aside from that, Use ACL's out the wazoo on the VTY lines and limit
access to
that to say 1 SSH enabled router or 1 IPSEC enabled router...It doesn't really matter if you use SSH, Telnet or HTTP; if you can send evil packets to the router/switch and it falls over and dies. http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml IP Permit Lists will not provide any mitigation against this
vulnerability.
The race is on, who will find your switches first?
Current thread:
- RE: SSH on the router - was( IT security people sleep well) McBurnett, Jim (Jun 07)
- TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 09)
- Re: UDP-TCP-ACK-SYN Attacks Pete (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) James (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 11)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 09)
- TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)
- Message not available
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)