Protecting inbound interfaces (re: Cisco exploit)

• Previous message (by thread): Protecting inbound interfaces (re: Cisco exploit)
• Next message (by thread): Working vulnerability? (Cisco exploit)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Depends on the platform; if it is a Cisco GSR or 7500 (w/ sufficiently 
current IOS), you can look into using a Receive ACL (rACL).  The Cisco 
advisory being sent around in the discussion of the latest vulnerability 
has a link to more info for Cisco rACLs

- Wayne

Rick Ernst wrote:

> 
> Is there a way to globally protect all inbound interfaces on a router via ACL
> (specifically hundreds of frame/sub-interfaces) without applying the same ACL
> to each individual interface?
> 
> Is the "line vty" config only for telnet/ssh, etc. or is it the magic global
> that I'm looking for?
> 
> I'd post this on inet-access but this is where the conversation is taking
> place.
> 
> Thanks,
> Rick
> 
> 
> 
> 

• Previous message (by thread): Protecting inbound interfaces (re: Cisco exploit)
• Next message (by thread): Working vulnerability? (Cisco exploit)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]