RE: Cisco Workaround

["Dave Gilmore (Intrusense)" <dgilmore () intrusense com>]

Hello Doug,

Actually that's not true. Any one of the aforementioned protocols can
fill the queue with ~76 packets. 


Dave Gilmore
Information Security Analyst

--
Intrusense - Securing Business As Usual


-----Original Message-----
From: DOUGLAS GULLETT [mailto:dougg03 () comcast net] 
Sent: Wednesday, July 23, 2003 3:16 PM
To: Alvaro Gordon-Escobar
Cc: firewalls () securityfocus com; security-basics () securityfocus com
Subject: Re: Cisco Workaround


I don't think you have to put all the access-list in.  I believe that 
the hack requires a certain combination of packets to the four ports, 
so leaving one or two of them open should still prevent the hack.  That 
might be a good question for Cisco TAC...they should be willing to help 
even if you "misplaced" your SmartNet contract information.  ;-)

Doug



----- Original Message -----
From: Alvaro Gordon-Escobar <alvaroge () molecularstaging com>
Date: Wednesday, July 23, 2003 10:15 am
Subject: Cisco Workaround

> will this access list modification prevent my internal DNS server
> from updates to it self from my telco's DNS server?
>
> access-list 101 deny 53 any any
> access-list 101 deny 55 any any
> access-list 101 deny 77 any any
> access-list 101 deny 103 any any
> !--- insert any other previously applied ACL entries here
> !--- you must permit other protocols through to allow normal
> !--- traffic -- previously defined permit lists will work
> !--- or you may use the permit ip any any shown here access-list 101 
> permit ip any any
>
> Thanks in advance
>
> ~alvaro Escobar
>
> -------------------------------------------------------------------
> --------
> -------------------------------------------------------------------
> ---------



---------------------------------------------------------------------------
----------------------------------------------------------------------------