North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
TCP-ACK vulnerability (was RE: SSH on the router)
On Mon, 7 Jun 2004, McBurnett, Jim wrote: > Aside from that, Use ACL's out the wazoo on the VTY lines and limit access to > that to say 1 SSH enabled router or 1 IPSEC enabled router... It doesn't really matter if you use SSH, Telnet or HTTP; if you can send evil packets to the router/switch and it falls over and dies. http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml IP Permit Lists will not provide any mitigation against this vulnerability. The race is on, who will find your switches first?