[59715] in North American Network Operators' Group


Re: Protecting inbound interfaces (re: Cisco exploit)

daemon@ATHENA.MIT.EDU (Wayne)
Fri Jul 18 09:18:14 2003

Date: Fri, 18 Jul 2003 09:23:43 -0400
From: Wayne <nanog@wgustavus.com>
To: Rick Ernst <ernst@easystreet.com>
Cc: nanog@merit.edu
In-Reply-To: <20030718060328.A54680-100000@legendz.com>
Errors-To: owner-nanog-outgoing@merit.edu


Depends on the platform; if it is a Cisco GSR or 7500 (w/ sufficiently 
current IOS), you can look into using a Receive ACL (rACL).  The Cisco 
advisory being sent around in the discussion of the latest vulnerability 
has a link to more info for Cisco rACLs.

- Wayne

Rick Ernst wrote:

> 
> Is there a way to globally protect all inbound interfaces on a router via ACL
> (specifically hundreds of frame/sub-interfaces) without applying the same ACL
> to each individual interface?
> 
> Is the "line vty" config only for telnet/ssh, etc. or is it the magic global
> that I'm looking for?
> 
> I'd post this on inet-access but this is where the conversation is taking
> place.
> 
> Thanks,
> Rick

