nanog mailing list archives

Re: cisco IOS bug/exploit?


From: Mark Mentovai <mark-list () mentovai com>
Date: Mon, 20 Aug 2001 11:26:20 -0400 (EDT)


Barton F Bruce wrote:
There is a chance that you have a static for 0.0.0.0 0.0.0.0 to eth0 or
something like that even though the other end may be the only thing on the
ethernet. DON'T do that!

The router will arp for every address it needs to get to.
With Code Red around, that can be bad.

Use a static default to a real ip address.

Use "no ip proxy-arp" (you should all be doing this anyway).  With proxy ARP
disabled, a default route to an ethernet interface won't work unless
0.0.0.0/0 really is connected at layer 2.

There is something on CCO about this.

http://www.cisco.com/warp/public/63/ts_codred_worm.shtml

Mark
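
The two checks from this message (a static route that points at an Ethernet interface with no next-hop address, and an Ethernet interface without "no ip proxy-arp") can be run against a saved configuration. The script below is an added example, not code from either poster; the sample configuration is constructed, and it assumes proxy ARP is on for any interface that does not disable it explicitly.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.2 255.255.255.252
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
!
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 10.0.0.0 255.0.0.0 198.51.100.254
"""

ETHERNET = re.compile(r"^(Ethernet|FastEthernet|GigabitEthernet)", re.I)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def audit(config):
    """Return sorted (kind, detail) findings for an IOS configuration text."""
    findings = []
    current_if = None
    proxy_arp_off = {}  # Ethernet interface -> saw "no ip proxy-arp"
    for raw in config.splitlines():
        parts = raw.split()
        if not raw.startswith(" "):
            current_if = None  # left any interface sub-mode
        if raw.startswith("interface ") and len(parts) >= 2:
            current_if = parts[1]
            if ETHERNET.match(current_if):
                # Assumption: proxy ARP is on unless explicitly disabled.
                proxy_arp_off[current_if] = False
        elif current_if in proxy_arp_off and parts == ["no", "ip", "proxy-arp"]:
            proxy_arp_off[current_if] = True
        elif raw.startswith("ip route ") and len(parts) >= 5:
            # ip route <prefix> <mask> <interface> [<next-hop>]
            has_hop = any(IPV4.match(p) for p in parts[4:6])
            if ETHERNET.match(parts[4]) and not has_hop:
                findings.append(("route-to-interface", " ".join(parts[2:5])))
    findings += [("proxy-arp-enabled", n) for n, off in proxy_arp_off.items() if not off]
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```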

