Anyone got a rule for the latest Cisco bug?

[Jason Haar <Jason.Haar () trimble co nz>]

Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet

Apparently some hacked IPv4 packet sent at a Cisco router's actual IP
address can cause a table to fill up - causing the router to become unusable.

Anyone got a pattern match for it? Frankly the CERT alert about it was next
to useless - they have some example ACLs that "may" help - but there's not
enough to go on really (I mean, if I want to allow SSH access to a router
from one IP address on the Internet, can I make an ACL to allow that, and
block all other IP, or does this attack mean that if the baddie fakes the
SYN packet to match my "good" address, then the attack still works???)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users