[Dshield] Non-IPv4 Internet Traffic
mtombaugh at alliedcc.com
Thu Oct 2 00:17:52 GMT 2003
On Wednesday 01 October 2003 9:50 am, Jon R. Kibler wrote:
> If the answer to the above questions is 'no', then why was the Cisco IOS
> bug considered such a risk?
The recent IOS advisory I'm thinking of only deals with IPv4 packets:
"Cisco routers are configured to process and accept Internet Protocol version
4 (IPv4) packets by default. IPv4 packets handled by the processor on a Cisco
IOS device with protocol types of 53 (SWIPE), 55 (IP Mobility), or 77 (Sun
ND), all with Time-to-Live (TTL) values of 1 or 0, and 103 (Protocol
Independent Multicast - PIM) with any TTL value, may force the device to
incorrectly flag the input queue on an interface as full. A full input queue
will stop the device from processing inbound traffic on that interface and
may result in routing protocols dropping due to dead timers."
If this is what you're referring to, it was such a risk because it was so
easily exploited, and for detection, you can use snort since it is IP.
Excuse me if I'm off target, this post dos'd my brain.
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC. <http://www.usihost.com>
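
The protocol and TTL conditions quoted from the advisory above can be checked directly against raw IPv4 headers. The following is an added example, not part of the original post and not a Snort rule: the function names, sample addresses and sample packets are constructed for illustration, and the check looks only at the header's version, TTL and protocol fields.

```python
import socket
import struct

# Protocol numbers and TTL conditions as quoted from the advisory in the post.
TTL_0_OR_1 = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND"}  # flagged only with TTL 0 or 1
ANY_TTL = {103: "PIM"}                                        # flagged with any TTL


def parse_ipv4_header(packet: bytes):
    """Return (ttl, proto, src, dst), or None if this is not a usable IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short, or not IP version 4
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None                      # malformed or truncated header
    ttl, proto = packet[8], packet[9]
    return ttl, proto, socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def matches_advisory(packet: bytes):
    """Return an alert string if the header meets the quoted conditions, else None."""
    hdr = parse_ipv4_header(packet)
    if hdr is None:
        return None
    ttl, proto, src, dst = hdr
    if proto in ANY_TTL:
        return f"{src} -> {dst} proto {proto} ({ANY_TTL[proto]}) ttl {ttl}"
    if proto in TTL_0_OR_1 and ttl <= 1:
        return f"{src} -> {dst} proto {proto} ({TTL_0_OR_1[proto]}) ttl {ttl}"
    return None


def build_header(proto, ttl, src="192.0.2.10", dst="198.51.100.1"):
    """Constructed 20-byte IPv4 header for the sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


if __name__ == "__main__":
    # Constructed samples: (protocol, TTL) pairs on both sides of each condition.
    for proto, ttl in [(53, 1), (53, 64), (55, 0), (77, 1), (103, 64), (6, 1)]:
        alert = matches_advisory(build_header(proto, ttl))
        print(f"proto={proto:3d} ttl={ttl:3d} ->", alert or "no match")
```

TTL is decremented at each hop, so the TTL 0 or 1 test is only meaningful on a capture taken on the segment directly attached to the router interface being monitored.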