[25716] in bugtraq


Re: Three possible DoS attacks against some IOS versions.

daemon@ATHENA.MIT.EDU (Felix Lindner)
Mon Jun 10 22:34:21 2002

Message-ID: <3D01CCA4.2C290F4@nruns.com>
Date: Sat, 08 Jun 2002 11:21:40 +0200
From: Felix Lindner <felix.lindner@nruns.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Sharad Ahlawat wrote:
> an excerpt from RFC 2281 - Cisco HSRP
> 
> 7. Security Considerations
[SNIP]
>  It is difficult to subvert the protocol from outside the
>  LAN as most routers will not forward packets addressed to the
>  all-routers multicast address (224.0.0.2).

This does not prevent remote attacks because Cisco devices do not
validate the destination address of an HSRP packet. Unicast packets are
accepted, which can be tested using the hsrp tool at
http://www.phenoelit.de/irpas/

Regards
/F
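
Added example, not part of the original post: a detection check for the condition described above, flagging HSRP packets that do not follow the RFC 2281 sending rules (UDP port 1985, destination 224.0.0.2, TTL 1). The function names, the sample addresses (documentation ranges) and the constructed sample packets are assumptions made for illustration.

```python
import socket
import struct

HSRP_PORT = 1985           # UDP port used by HSRP (RFC 2281)
ALL_ROUTERS = "224.0.0.2"  # destination RFC 2281 speakers send to, with TTL 1
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}


def inspect_hsrp(pkt: bytes):
    """Parse a raw IPv4 packet; return None unless it carries HSRPv1,
    otherwise a dict whose 'suspicious' list names RFC 2281 deviations."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None                                   # not IPv4/UDP
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(pkt) < ihl + 8 + 20:
        return None                                   # no full UDP + HSRP body
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    body = pkt[ihl + 8:ihl + 28]                      # 20-byte HSRPv1 message
    version, opcode, _state, _hello, _hold, priority, group = body[:7]
    if dport != HSRP_PORT or version != 0:
        return None
    ttl, dst = pkt[8], socket.inet_ntoa(pkt[16:20])
    suspicious = []
    if dst != ALL_ROUTERS:                            # unicast or other target
        suspicious.append("destination %s is not %s" % (dst, ALL_ROUTERS))
    if ttl != 1:                                      # packet may have been routed
        suspicious.append("TTL %d is not 1" % ttl)
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": dst, "group": group,
            "priority": priority, "opcode": OPCODES.get(opcode, opcode),
            "virtual_ip": socket.inet_ntoa(body[16:20]), "suspicious": suspicious}


def sample_packet(dst: str, ttl: int, opcode: int = 0) -> bytes:
    """Constructed test input (documentation addresses, zero checksums)."""
    body = struct.pack("!8B8s4s", 0, opcode, 16, 3, 10, 100, 1, 0,
                       b"cisco", socket.inet_aton("192.0.2.1"))
    udp = struct.pack("!HHHH", HSRP_PORT, HSRP_PORT, 8 + len(body), 0) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     socket.inet_aton("198.51.100.7"), socket.inet_aton(dst))
    return ip + udp


if __name__ == "__main__":
    for dst, ttl in (("224.0.0.2", 1), ("192.0.2.254", 57)):
        print(inspect_hsrp(sample_packet(dst, ttl)))
```

The same two conditions can be enforced at the network edge by dropping UDP port 1985 traffic that arrives from outside the LAN segment.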
