Snort mailing list archives

Re: Anyone got a rule for the latest Cisco bug?


From: "james" <hackerwacker () tarpit cybermesa com>
Date: Thu, 17 Jul 2003 17:50:50 -0600

May be hard to do, Snort does not understand all of these protocols. We would need more info. to do a content match on the IP packet. It also may be malformed protocol headers; it seems this would require Snort to understand these protocols.

james

<snip>
Cisco routers are configured to process and accept Internet Protocol version 4 (IPv4) packets by default. A rare, specially crafted sequence of IPv4 packets with protocol type 53 (SWIPE), 55 (IP Mobility), 77 (Sun ND), or 103 (Protocol Independent Multicast - PIM) which is handled by the processor on a Cisco IOS device may force the device to incorrectly flag the input queue on an interface as full, which will cause the router to stop processing inbound traffic on that interface. This can cause routing protocols to drop due to dead timers.

access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
!--- you must permit other protocols through to allow normal
!--- traffic -- previously defined permit lists will work
!--- or you may use the permit ip any any shown here
access-list 101 permit ip any any
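Added example, not part of james's post or the quoted Cisco advisory: the match the thread asks about only needs the IPv4 protocol field, not an understanding of the payload protocols. This Python detector decodes the fixed IPv4 header, verifies its checksum, and alerts on the four protocol numbers listed in the advisory; the WATCHED_PROTOCOLS table and the test headers are constructed here for illustration.

```python
import struct
from typing import Optional

# IP protocol numbers named in the Cisco advisory quoted above.
WATCHED_PROTOCOLS = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND", 103: "PIM"}

def ipv4_checksum(header: bytes) -> int:
    """Internet checksum over a header; 0 means the stored checksum verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(pkt: bytes) -> Optional[dict]:
    """Decode the fixed IPv4 header; None if the bytes are not a well-formed IPv4 header."""
    if len(pkt) < 20:
        return None
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return None
    return {"proto": proto, "ttl": ttl, "total_len": total_len,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0}

def check_packet(pkt: bytes) -> Optional[str]:
    """Return an alert line when the protocol field is one of the watched numbers, else None."""
    hdr = parse_ipv4_header(pkt)
    if hdr is None or hdr["proto"] not in WATCHED_PROTOCOLS:
        return None
    return (f"ALERT ip_proto={hdr['proto']} ({WATCHED_PROTOCOLS[hdr['proto']]}) "
            f"{hdr['src']} -> {hdr['dst']} ttl={hdr['ttl']} csum_ok={hdr['checksum_ok']}")

def build_ipv4(proto: int, src: str, dst: str, ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header for testing; not captured traffic."""
    to_bytes = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, ttl, proto, 0,
                      to_bytes(src), to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

if __name__ == "__main__":
    for p in (build_ipv4(6, "10.0.0.1", "10.0.0.2"), build_ipv4(53, "10.0.0.9", "10.0.0.2")):
        print(check_packet(p) or "no match")
```

A header that fails the checksum is still reported, with csum_ok=False, since the advisory text also raises the possibility of malformed headers.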


