On Jul 3, 2010, at 2:05 AM, Mailing lists at Core Security Technologies wrote:
> Perhaps we should too ask and wait for actual data from Mr. Shang I acknowledged this deeper in the thread - and also noted that since I've seen the same kind of reported behavior not above two or three hundred times in the past, that it sure looks like a classic RP DoS due to punted management-plane traffic. I used to work for Cisco, and have the highest respect for the PSIRT team; I'm sure if there's an issue beyond simple BCPs, they'll resolve it. In the meantime, everyone should ensure that their networks disallow control- and management-plane traffic from unauthorized nodes via iACLs, CoPP, et. al.; and also investigate rate-limiting management- and control-plane traffic in a situationally-appropriate manner via CoPP, HWRL, et. al. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
