TCP-ACK vulnerability (was RE: SSH on the router)

North American Network Operators Group

TCP-ACK vulnerability (was RE: SSH on the router)

From: Sean Donelan
Date: Wed Jun 09 15:20:48 2004

On Mon, 7 Jun 2004, McBurnett, Jim wrote:
> Aside from that, Use ACL's out the wazoo on the VTY lines and limit access to
> that to say 1 SSH enabled router or 1 IPSEC enabled router...

It doesn't really matter if you use SSH, Telnet or HTTP; if you can send
evil packets to the router/switch and it falls over and dies.

http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml

IP Permit Lists will not provide any mitigation against this vulnerability.

The race is on, who will find your switches first?

Follow-Ups:
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox

References:
- RE: SSH on the router - was( IT security people sleep well) McBurnett, Jim

Prev by Date: Re: AV/FW Adoption Sudies
Next by Date: Re: TCP-ACK vulnerability (was RE: SSH on the router)
Date Index
Thread Index
Author Index
Historical