[40732] in North American Network Operators' Group
Re: cisco IOS bug/exploit?
daemon@ATHENA.MIT.EDU (Mark Mentovai)
Mon Aug 20 11:26:59 2001
Date: Mon, 20 Aug 2001 11:26:20 -0400 (EDT)
From: Mark Mentovai <mark-list@mentovai.com>
To: Barton F Bruce <barton@cent.net>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <009f01c12989$16916410$71d1bece@BARTON3>
Message-ID: <Pine.GSO.4.33.0108201117170.25878-100000@oak.ggn.net>

Barton F Bruce wrote:
>There is a chance that you have a static for 0.0.0.0 0.0.0.0 to eth0 or
>something like that even though the other end may be the only thing on the
>ethernet. DON'T do that!
>
>The router will arp for every address it needs to get to.
>With codered around, that can be bad.
>
>Use a static default to a real ip address.

Use "no ip proxy-arp" (you should all be doing this anyway). With proxy ARP
disabled, a default route to an ethernet interface won't work unless
0.0.0.0/0 really is connected at layer 2.

>There is something on CCO about this.

http://www.cisco.com/warp/public/63/ts_codred_worm.shtml

Mark
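
A config audit for the two points raised in this message, as an added example that is not part of the original thread: it flags static routes that point at an Ethernet-type interface with no next-hop address, and Ethernet-type interfaces that lack "no ip proxy-arp". The sample config, its addresses, the function names and the list of interface types are constructed for illustration, and the check assumes the IOS default of proxy ARP being enabled when that line is absent.

```python
import ipaddress
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.2 255.255.255.252
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 10.0.0.0 255.0.0.0 Ethernet1 198.51.100.254
ip route 172.16.0.0 255.240.0.0 Serial0
ip route 192.168.0.0 255.255.0.0 198.51.100.253
"""

# Assumed list of multi-access interface types: an interface-only route
# on these makes the router ARP for every destination it forwards to.
BROADCAST_IF = re.compile(r"^(Ethernet|FastEthernet|GigabitEthernet|Vlan)", re.I)

def is_ip(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def audit(config):
    """Return (interface_only_routes, interfaces_with_proxy_arp_enabled)."""
    routes, proxy_arp, current = [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split()[1]
            if BROADCAST_IF.match(current):
                proxy_arp.append(current)  # enabled unless disabled below
        elif raw.startswith("ip route "):
            current = None
            f = line.split()[2:]           # prefix, mask, target, [next-hop]
            if f and f[0] == "vrf":
                f = f[2:]
            if len(f) >= 3 and BROADCAST_IF.match(f[2]) and not (len(f) > 3 and is_ip(f[3])):
                routes.append(line)
        elif line == "no ip proxy-arp" and current in proxy_arp:
            proxy_arp.remove(current)
        elif not raw.startswith(" "):
            current = None                 # left the interface block
    return routes, proxy_arp
```

On the sample, audit(SAMPLE_CONFIG) reports the default route via Ethernet0 and the Ethernet0 interface itself; the route that names both Ethernet1 and a next-hop address is not flagged.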