mailing list archives
Re: Three possible DoS attacks against some IOS versions.
From: Felix Lindner <felix.lindner () nruns com>
Date: Sat, 08 Jun 2002 11:21:40 +0200
Sharad Ahlawat wrote:
an excerpt form RFC 2281 - Cisco HSRP
7. Security Considerations
It is difficult to subvert the protocol from outside the
LAN as most routers will not forward packets addressed to the
all-routers multicast address (126.96.36.199).
This does not prevent remote attacks because Cisco devices do not
validate the destination address of a HSRP packet. Unicast packets are
accepted, which can be tested using the hrsp tool at