Priscilla Oppenheimer wrote: > Oscar wrote: > >>Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 >>Packet >> >>lots and lots of IOS versions are affected >> >>http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml >> >> > > > Thanks for the link. It's scary. Of course, with the proper ACLs, a router > wouldn't be affected, but probably lots of routers don't have "the proper > ACLs." > > Anyone know the details? The advisory just says this:
Don't know the details but talking with a couple of Cisco engineers they don't know of anyone being hit. It's a good wakeup for those that don't already have common sense ACLs to get them in place and for others to upgrade routers that are running old IOS! Dave > > "A rare, specially crafted sequence of IPv4 packets which is handled by the > processor on a Cisco IOS device may force the device to incorrectly flag the > input queue on an interface as full, which will cause the router to stop > processing inbound traffic on that interface. This can cause routing > protocols to drop due to dead timers." > > I think Cisco was right not to publish the details about these "rare, > specially crafted" packets, but does anyone have the details? Maybe if you > can get to the bugtracker, the details are in there. > > Thanks > > Priscilla -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "Government can do something for the people only in proportion as it can do something to the people." -- Thomas Jefferson Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72503&t=72463 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
