[Dshield] Non-IPv4 Internet Traffic

Mark Tombaugh mtombaugh at alliedcc.com
Thu Oct 2 00:17:52 GMT 2003


On Wednesday 01 October 2003 9:50 am, Jon R. Kibler wrote:
> If the answer to the above questions are 'no', then why was the Cisco IOS
> bug considered such a risk?

Which bug? 
The recent IOS advisory I'm thinking of only deals with IPv4 packets:

<http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml>
"Cisco routers are configured to process and accept Internet Protocol version 
4 (IPv4) packets by default. IPv4 packets handled by the processor on a Cisco 
IOS device with protocol types of 53 (SWIPE), 55 (IP Mobility), or 77 (Sun 
ND), all with Time-to-Live (TTL) values of 1 or 0, and 103 (Protocol 
Independent Multicast - PIM) with any TTL value, may force the device to 
incorrectly flag the input queue on an interface as full. A full input queue 
will stop the device from processing inbound traffic on that interface and 
may result in routing protocols dropping due to dead timers." 

If this is what you're referring to it was such a risk because it was so 
easily exploited, and for detection, you can use snort since it is IP. 

<http://www.cisco.com/go/psirt/>
Excuse me if I'm off target, this post dos'd my brain.

-- 
   Mark Tombaugh <mtombaugh at alliedcc.com>
   Allied Computer Corporation <http://www.alliedcc.com>
   USiHOST, iNC. <http://www.usihost.com>
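As an added illustration of the detection angle raised above (this is not code from the post or from Cisco), the following Python classifier parses a raw IPv4 header and flags packets that meet the conditions the quoted advisory names: protocol 53, 55 or 77 with a TTL of 0 or 1, or protocol 103 with any TTL. The sample packets are constructed inline with TEST-NET addresses; the `build_ipv4` helper and all function names are this example's own assumptions, not an API of any tool.

```python
import struct

# Protocol numbers named in cisco-sa-20030717-blocked
SWIPE, IP_MOBILITY, SUN_ND, PIM = 53, 55, 77, 103
LOW_TTL_PROTOCOLS = {SWIPE, IP_MOBILITY, SUN_ND}   # only matter with TTL 0 or 1


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement sum over the header with the checksum field zeroed."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes):
    """Return (protocol, ttl, header_length) for an IPv4 packet, or None if it is not IPv4."""
    if len(pkt) < 20:
        return None
    (version_ihl, _tos, _total_len, _ident, _flags_frag,
     ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if version_ihl >> 4 != 4:          # IPv6 or garbage: the advisory only concerns IPv4
        return None
    ihl = (version_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:     # malformed header length
        return None
    return proto, ttl, ihl


def matches_advisory(pkt: bytes) -> bool:
    """True when the packet meets the conditions quoted from the advisory."""
    parsed = parse_ipv4_header(pkt)
    if parsed is None:
        return False
    proto, ttl, _ihl = parsed
    if proto == PIM:                   # protocol 103 triggers regardless of TTL
        return True
    return proto in LOW_TTL_PROTOCOLS and ttl <= 1


def build_ipv4(proto: int, ttl: int, payload: bytes = b"") -> bytes:
    """Constructed test packet (hypothetical helper): 20-byte header, TEST-NET addresses."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 254])
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, ttl, proto, 0, src, dst)
    csum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def scan(packets):
    """Return the labels of every constructed packet the classifier flags."""
    return [label for label, pkt in packets if matches_advisory(pkt)]


# Constructed sample traffic: (label, packet)
SAMPLES = [
    ("swipe-ttl1", build_ipv4(SWIPE, 1)),
    ("swipe-ttl64", build_ipv4(SWIPE, 64)),      # same protocol, normal TTL: not flagged
    ("sunnd-ttl0", build_ipv4(SUN_ND, 0)),
    ("pim-ttl255", build_ipv4(PIM, 255)),        # PIM is flagged at any TTL
    ("tcp-ttl1", build_ipv4(6, 1, b"\x00" * 20)),  # TTL 1 alone is not the condition
    ("not-ipv4", b"\x60" + b"\x00" * 39),        # version nibble 6: ignored
]

if __name__ == "__main__":
    print(scan(SAMPLES))  # ['swipe-ttl1', 'sunnd-ttl0', 'pim-ttl255']
```

The same test is what a Snort rule would express with its `ip_proto` and `ttl` options; the point of the classifier is that, because these are plain IPv4 packets, a sensor that already sees the link can count them per source and alert on the pattern rather than waiting for an interface to wedge.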
