Protecting inbound interfaces (re: Cisco exploit)
Wayne
nanog at wgustavus.com
Fri Jul 18 13:23:43 UTC 2003
Depends on the platform; if it is a Cisco GSR or 7500 (w/ sufficiently
current IOS), you can look into using a Receive ACL (rACL). The Cisco
advisory being sent around in the discussion of the latest vulnerability
has a link to more info for Cisco rACLs
- Wayne
Rick Ernst wrote:
>
> Is there a way to globally protect all inbound interfaces on a router via ACL
> (specifically hundreds of frame/sub-interfaces) without applying the same ACL
> to each individual interface?
>
> Is the "line vty" config only for telnet/ssh, etc. or is it the magic global
> that I'm looking for?
>
> I'd post this on inet-access but this is where the conversation is taking
> place.
>
> Thanks,
> Rick
>
>
>
>
More information about the NANOG
mailing list