Security Basics mailing list archives
Re: Cisco Workaround
From: john <seclist () wiresec net>
Date: 24 Jul 2003 07:30:44 -0500
The hack does not require the usage of all 4 protocols. Using any one of them will allow disabling the router interface. Using hping to test is the best way to see what I mean.

John

On Wed, 2003-07-23 at 14:16, DOUGLAS GULLETT wrote:
> I don't think you have to put all the access-list in. I believe that the hack requires a certain combination of packets to the four ports, so leaving one or two of them open should still prevent the hack. That might be a good question for Cisco TAC...they should be willing to help even if you "misplaced" your SmartNet contract information. ;-)
>
> Doug
>
> ----- Original Message -----
> From: Alvaro Gordon-Escobar <alvaroge () molecularstaging com>
> Date: Wednesday, July 23, 2003 10:15 am
> Subject: Cisco Workaround
>
>> Will this access list modification prevent my internal DNS server from updates to itself from my telco's DNS server?
>>
>> access-list 101 deny 53 any any
>> access-list 101 deny 55 any any
>> access-list 101 deny 77 any any
>> access-list 101 deny 103 any any
>> !--- insert any other previously applied ACL entries here
>> !--- you must permit other protocols through to allow normal
>> !--- traffic -- previously defined permit lists will work
>> !--- or you may use the permit ip any any shown here
>> access-list 101 permit ip any any
>>
>> Thanks in advance
>> ~alvaro Escobar
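
Added example, not part of any message in this thread: a small Python model of how the quoted `access-list 101` is matched. In an IOS extended ACL the field after `deny`/`permit` is an IP protocol number, so `deny 53 any any` matches IP protocol 53 rather than TCP or UDP port 53, and DNS traffic falls through to `permit ip any any`. The parser handles only the `any any` form used in the thread, and the sample packets are constructed.

```python
# Added illustration: first-match evaluation of the ACL quoted in the thread.
# Simplified model (assumption): only "<action> <protocol> any any" entries.
PROTO_NUMBERS = {"ip": None, "tcp": 6, "udp": 17, "icmp": 1}  # "ip" = any protocol

ACL_101 = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
access-list 101 permit ip any any
"""

def parse_acl(text):
    """Return [(action, protocol_number_or_None)] in configured order."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "access-list":
            continue  # skip "!" comment lines and blanks
        action, proto = fields[2], fields[3]
        if fields[4:6] != ["any", "any"]:
            raise ValueError("only 'any any' entries are modelled: " + line)
        number = PROTO_NUMBERS[proto] if proto in PROTO_NUMBERS else int(proto)
        rules.append((action, number))
    return rules

def evaluate(rules, ip_protocol):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for action, number in rules:
        if number is None or number == ip_protocol:
            return action
    return "deny"

# Constructed sample packets: (description, IP protocol number, destination port).
# The port is never consulted because none of these ACL entries names a port.
SAMPLES = [
    ("DNS query, UDP/53", 17, 53),
    ("DNS zone transfer, TCP/53", 6, 53),
    ("IP protocol 53", 53, None),
    ("IP protocol 103", 103, None),
]

def verdicts():
    rules = parse_acl(ACL_101)
    return {desc: evaluate(rules, proto) for desc, proto, _port in SAMPLES}

if __name__ == "__main__":
    for desc, verdict in verdicts().items():
        print(f"{verdict:6}  {desc}")
```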
