Security Basics mailing list archives
RE: Cisco Workaround
From: "Byrne Ghavalas" <security () nscs uk com>
Date: Thu, 24 Jul 2003 07:58:54 +0100
Hi, This has been discussed on various lists. The input queue can be filled by sending 76 packets of any one of the protocols (53, 55, 77, 103). The packets do not need to be a combination of the protocols (although combining them so that 76 packets are sent would also work), nor do they need any special data payload. The only other requirement is that the TTL is 0 or 1 when the packet reaches the appropriate interface. The exception to the above rule is protocol 103 (PIM) - if it is enabled on the router, the packets will be cleared from the input queue and a DoS condition will not be created. To test for the problem, a simple tool like Hping or Packit will do the job - it is not necessary to use any of the publicly available exploits. Using the appropriate command line options these tools can easily create packets of these protocol types and the TTL can be defined. I hope this helps. Kind regards Byrne G
-----Original Message----- From: DOUGLAS GULLETT [mailto:dougg03 () comcast net] Sent: Wednesday, July 23, 2003 8:16 PM To: Alvaro Gordon-Escobar Cc: firewalls () securityfocus com; security-basics () securityfocus com Subject: Re: Cisco Workaround I don't think you have to put all the access-list in. I believe
that
the hack requires a certain combination of packets to the four
ports,
so leaving one or two of them open should still prevent the
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Cisco Workaround, (continued)
- RE: Cisco Workaround Naman Latif (Jul 23)
- RE: Cisco Workaround Todd Mitchell - lists (Jul 23)
- RE: Cisco Workaround Charlie Winckless (Jul 23)
- Re: Cisco Workaround DOUGLAS GULLETT (Jul 23)
- RE: Cisco Workaround Terry Baranski (Jul 24)
- Re: Cisco Workaround Paul Kincaid (Jul 24)
- RE: Cisco Workaround Dave Gilmore (Intrusense) (Jul 24)
- Re: Cisco Workaround Kurt Seifried (Jul 24)
- RE: Cisco Workaround David Gillett (Jul 24)
- RE: Cisco Workaround Wolfpaw - Dale Corse (Jul 24)
- RE: Cisco Workaround Byrne Ghavalas (Jul 24)
- Re: Cisco Workaround john (Jul 24)
- Re: Cisco Workaround joshua sahala (Jul 24)
- Re: Cisco Workaround Jac (Jul 24)
- Re: Cisco Workaround Luis Enrique Londono (Jul 23)
- Re: Cisco Workaround bryan_khoo (Jul 24)
- RE: Cisco Workaround dave kleiman (Jul 24)
- Re: Cisco Workaround igenge2 (Jul 24)
- Re: Cisco Workaround Stephane Nasdrovisky (Jul 24)
- RE: Cisco Workaround Jofre, Sebastian (Jul 24)
- RE: Cisco Workaround Tim Donahue (Jul 28)
(Thread continues...)