TCP-ACK vulnerability (was RE: SSH on the router)

• Previous message (by thread): TCP-ACK vulnerability (was RE: SSH on the router)
• Next message (by thread): UDP-TCP-ACK-SYN Attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 9 Jun 2004, Sean Donelan wrote:

> On Mon, 7 Jun 2004, McBurnett, Jim wrote:
> > Aside from that, Use ACL's out the wazoo on the VTY lines and limit access to
> > that to say 1 SSH enabled router or 1 IPSEC enabled router...
> 
> It doesn't really matter if you use SSH, Telnet or HTTP; if you can send
> evil packets to the router/switch and it falls over and dies.
> 
> http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml
> 
> IP Permit Lists will not provide any mitigation against this vulnerability.
> 
> The race is on, who will find your switches first?

yes, i often wondered why the permit list allows the session to connect then 
gives you a polite message before disconnecting.

anyway this is only on catos..

Steve

• Previous message (by thread): TCP-ACK vulnerability (was RE: SSH on the router)
• Next message (by thread): UDP-TCP-ACK-SYN Attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]