Security Basics mailing list archives

Re: Cisco Workaround


From: "Kurt Seifried" <bt () seifried org>
Date: Wed, 23 Jul 2003 23:10:31 -0600

No. The attack requires N+1 attack packets. N=size of queue, which by
default is 75. The packets can be any of the four protocols (i.e. all of one
type, half of one, half of another, etc.). It has also been reported that
some other protocols work for this attack, but this has not been confirmed.
Read the Cisco advisory; it's quite clear on this.

You can either:

1) upgrade your software
2) firewall these four classes of packets
3) firewall access to the IPs bound to the interfaces (*)

* it has also been reported that packets that time out (i.e. TTL = 0) in the
queue can be used to execute the attack.

1 is of course the optimal solution as it _fixes_ the problem.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
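An interface ACL implementing option 2 above, added here as an example; it is not taken from the post or from the Cisco advisory. The four IP protocol numbers are the ones the Cisco advisory names for this issue, and the interface name is a placeholder.

```cisco
! Added example, not from the post or the advisory.
! Workaround 2: drop the four IP protocol types at the interface,
! before they can occupy slots in the input queue (default depth 75).
! Protocol numbers per the Cisco advisory: 53 (SWIPE), 55 (IP Mobility),
! 77 (Sun ND), 103 (PIM).
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
! Everything else is unaffected by this workaround; tighten as local policy allows.
access-list 101 permit ip any any
!
! Placeholder interface: apply inbound on every interface that receives
! untrusted traffic, since the queue is per interface.
interface FastEthernet0/0
 ip access-group 101 in
```

Protocol 103 is PIM, so a router that runs multicast routing on the filtered interface loses its PIM neighbours with this ACL in place; as the post says, the software upgrade (option 1) is the fix, and the ACL is only a stopgap until it is applied.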
