[59671] in North American Network Operators' Group
Re: Cisco IOS Vulnerability
daemon@ATHENA.MIT.EDU (Jeff Kell)
Thu Jul 17 02:13:51 2003
Date: Thu, 17 Jul 2003 02:13:18 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: Sean Donelan <sean@donelan.com>
Cc: Mikael Abrahamsson <swmike@swm.pp.se>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0307170154360.13033-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu

The workaround for transit suggests permitting only tcp, udp, icmp, gre,
esp, and ah protocols. Is this sufficient to protect the router
itself, or do you have to get hard-nosed with specific ACLs (restricting
access to all your possible interface addresses)?

Jeff