According to what I've been reading it's a remotely exploitable denial of service situation, based on specially crafted packets designed to fill up the "process switched" input queues on an interface.
That generally means packets with a destination address of one of the router's own interfaces. If there's some mystery exploit out there, one workaround would be to firewall the router's own IP address(es). This would still allow the router to perform its routing function for other IPs.
BB
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
