On 9 Feb 2019, at 3:02, Bryan Holloway wrote:
> I suspect you are right. Saku made the same suggestion off-line.
Concur that these are likely non-initial fragments. Don't just block
all non-initial fragments willy-nill, or you'll break EDNS0.
If the targeted networks are endpoint networks
and
53 and 123
- Aaron
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Bryan Holloway
Sent: Friday, February 8, 2019 1:38 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] UDP/0 ACL IOSXR issue?
Anyone aware of any issues
On 2/8/19 1:57 PM, Gert Doering wrote:
Hi,
On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote:
Anyone aware of any issues with filtering destination UDP/0 at ingress
points on IOS XR?
We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
need arises.
UDP/0 is a
Hi,
On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote:
> Anyone aware of any issues with filtering destination UDP/0 at ingress
> points on IOS XR?
>
> We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
> need arises.
>
> UDP/0 is a well-known vector for this
Anyone aware of any issues with filtering destination UDP/0 at ingress
points on IOS XR?
We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
need arises.
UDP/0 is a well-known vector for this sort of attack. However, what I'm
seeing is that packets seem to be getting past