[Dshield] Non-IPv4 Internet Traffic

Jon R. Kibler Jon.Kibler at aset.com
Wed Oct 1 13:50:28 GMT 2003


As I was reviewing our Cisco routers' configurations, the blocks we (rather mindlessly) put into place because of the recent IOS bug for non-IP protocols raised a rather interesting set of questions that had not occurred to me before (but should have): 

Can non-IP protocols be routed over the Internet in such a way as to produce an undetectable (or at least difficult to detect) DOS or similar attack? 

Since most of our router rules are IP-oriented, and most of our network monitoring tools are IP-oriented, could we easily detect a non-IP attack?

How would we determine from where it originated?

Could such an attack be used to successfully compromise a system?

Could non-IP services be used to access remote-control zombies on an already compromised system?


If the answers to the above questions are 'no', then why was the Cisco IOS bug considered such a risk?

Finally, can the Internet now route IPv6 traffic and, if so, what precautions should we be taking?

TIA for all insight offered!

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214
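One concrete way to answer the detection question raised in the post (IP-oriented monitoring may simply never look at non-IP traffic) is to work one layer down: tally frames by Ethernet EtherType, and within IPv4 by protocol number, then flag anything outside what the site expects. The July 2003 Cisco IOS advisory concerned IPv4 packets with unusual protocol numbers (53, 55, 77 and 103) rather than non-IP EtherTypes, so both views are worth having. The script below is an added example and is not part of the original post or any Cisco tooling; the sample frames, MAC addresses and the two allow-lists (EXPECTED_ETHERTYPES, EXPECTED_IP_PROTOS) are constructed for the demonstration and would be replaced by frames read from a capture on a real link.

```python
"""Tally link-layer frames by EtherType and IPv4 protocol number.

Added example (not from the original post). An IPv4-only rule set sees
EtherType 0x0800 and nothing else; this script reports every EtherType on
the wire and every protocol number inside IPv4, then flags anything outside
a site-specific allow-list. All frames below are constructed for the demo.
"""
import struct
from collections import Counter

ETHERTYPE_NAMES = {
    0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
    0x8137: "IPX", 0x809B: "AppleTalk",
}
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE",
                  50: "ESP", 89: "OSPF", 103: "PIM"}

# Hypothetical allow-lists: what this network expects to see. Tune per site.
EXPECTED_ETHERTYPES = {0x0800, 0x0806}
EXPECTED_IP_PROTOS = {1, 6, 17}


def parse_ethernet(frame: bytes):
    """Return (dst_mac, src_mac, ethertype, payload), or None for a runt frame."""
    if len(frame) < 14:
        return None
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, etype, frame[14:]


def ipv4_protocol(payload: bytes):
    """Return the protocol number from an IPv4 header, or None if malformed."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    return payload[9]


def classify_frames(frames):
    """Count frames by EtherType / IPv4 protocol and collect anomalies.

    Returns (ethertype_counts, ipproto_counts, flagged); flagged is a list of
    (source MAC, reason) for frames an IPv4-only monitor would have ignored
    or IPv4 frames carrying an unexpected protocol number.
    """
    etype_counts, proto_counts, flagged = Counter(), Counter(), []
    for frame in frames:
        parsed = parse_ethernet(frame)
        if parsed is None:
            flagged.append(("?", "runt frame"))
            continue
        _, src, etype, payload = parsed
        etype_counts[etype] += 1
        src_hex = src.hex(":")
        if etype != 0x0800:
            if etype not in EXPECTED_ETHERTYPES:
                name = ETHERTYPE_NAMES.get(etype, "unknown")
                flagged.append((src_hex, f"non-IPv4 EtherType 0x{etype:04x} ({name})"))
            continue
        proto = ipv4_protocol(payload)
        if proto is None:
            flagged.append((src_hex, "malformed IPv4 header"))
            continue
        proto_counts[proto] += 1
        if proto not in EXPECTED_IP_PROTOS:
            name = IP_PROTO_NAMES.get(proto, "unknown")
            flagged.append((src_hex, f"IPv4 protocol {proto} ({name})"))
    return etype_counts, proto_counts, flagged


# --- constructed sample input (no live capture) ---------------------------
def build_frame(src_mac: bytes, etype: int, payload: bytes) -> bytes:
    """Broadcast-destination Ethernet II frame with the given EtherType."""
    return b"\xff" * 6 + src_mac + struct.pack("!H", etype) + payload


def ipv4_header(proto: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero; demo only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
SAMPLE_FRAMES = [
    build_frame(MAC_A, 0x0800, ipv4_header(6)),          # ordinary TCP
    build_frame(MAC_A, 0x0806, b"\x00" * 28),            # ARP
    build_frame(MAC_B, 0x86DD, b"\x60" + b"\x00" * 39),  # IPv6
    build_frame(MAC_B, 0x8137, b"\x00" * 30),            # IPX
    build_frame(MAC_B, 0x0800, ipv4_header(103)),        # IPv4 carrying PIM
    build_frame(MAC_A, 0x0800, b"\x45" * 4),             # truncated IPv4 header
]

if __name__ == "__main__":
    etypes, protos, hits = classify_frames(SAMPLE_FRAMES)
    for et, n in sorted(etypes.items()):
        print(f"EtherType 0x{et:04x} {ETHERTYPE_NAMES.get(et, '?'):10s} {n}")
    for p, n in sorted(protos.items()):
        print(f"IPv4 proto {p:3d} {IP_PROTO_NAMES.get(p, '?'):10s} {n}")
    for src, why in hits:
        print(f"FLAG {src}: {why}")
```

Two caveats apply when feeding this real traffic. First, only the IPv4 half of the check is meaningful for traffic that has crossed the Internet: routers forward IP, so an IPX or AppleTalk frame can only reach a monitored link from an adjacent layer-2 segment or from inside a tunnel, and the frame's source MAC then identifies the last hop, not the originator. Second, the allow-lists are deliberately strict; a site that legitimately runs OSPF, GRE or IPv6 adds those numbers rather than silencing the flag.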

