[7694] in bugtraq
Re: specifics on cisco DOS?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Aug 17 15:13:49 1998
Date: Mon, 17 Aug 1998 14:40:39 -0400
Reply-To: Jared Mauch <jared@PUCK.NETHER.NET>
From: Jared Mauch <jared@PUCK.NETHER.NET>
X-To: Roger Books <books@mail.state.fl.us>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <ML-2.2.903375816.2392.books@booksr>; from Roger Books on Mon,
Aug 17, 1998 at 05:43:36PM +0000
On Mon, Aug 17, 1998 at 05:43:36PM +0000, Roger Books wrote:
> Does anyone have specifics on the latest DoS on cisco routers?
>
> http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
>
> I have been assigned the task of determining not only if
> we are vulnerable, but how difficult it is to perform
Vulnerability should be fairly easy to determine via
"sh ver"
A "good" way to cause this to no longer be an issue
for you is to assign inbound-vty access-lists on your routers,
such that you can only telnet to them from certain ip addresses,
hosts, etc..
Here's an example of your config you would need to insert
to your cisco router.
access-list 50 permit 10.20.128.0 0.0.63.255
line vty 0 4
access-class 50 in
login
!
This will allow 10.20.128.0/18 to telnet into your router ONLY.
This will also help prevent joe-blow user from the internet
to determine your router vendor. (Unless you do
something silly like use snmp-server community public, or don't
acl your snmp-server community public).
A "good thing(tm)" IMHO.
For your reference, here's the various subnet masks
from one of my cisco-acl programs, so you can do this without problems:
Format: cidr, cidr+slash, mask, cisco inverted-mask
char lookupnfo[][4][16] = { { "32", "/32", "255.255.255.255", "0.0.0.0" },
{"31", "/31", "255.255.255.254", "0.0.0.1"},
{"30", "/30", "255.255.255.252", "0.0.0.3"},
{"29", "/29", "255.255.255.248", "0.0.0.7"},
{"28", "/28", "255.255.255.240", "0.0.0.15"},
{"27", "/27", "255.255.255.224", "0.0.0.31"},
{"26", "/26", "255.255.255.192", "0.0.0.63"},
{"25", "/25", "225.255.255.128", "0.0.0.127"},
{"24", "/24", "255.255.255.0", "0.0.0.255"},
{"23", "/23", "255.255.254.0", "0.0.1.255"},
{"22", "/22", "255.255.252.0", "0.0.3.255"},
{"21", "/21", "255.255.248.0", "0.0.7.255"},
{"20", "/20", "255.255.240.0", "0.0.15.255"},
{"19", "/19", "255.255.224.0", "0.0.31.255"},
{"18", "/18", "255.255.192.0", "0.0.63.255"},
{"17", "/17", "255.255.128.0", "0.0.127.255"},
{"16", "/16", "255.255.0.0", "0.0.255.255"},
{"15", "/15", "255.254.0.0", "0.1.255.255"},
{"14", "/14", "255.252.0.0", "0.3.255.255"},
{"13", "/13", "255.248.0.0", "0.7.255.255"},
{"12", "/12", "255.240.0.0", "0.15.255.255"},
{"11", "/11", "255.224.0.0", "0.31.255.255"},
{"10", "/10", "255.192.0.0", "0.63.255.255"},
{ "9", "/9", "255.128.0.0", "0.127.255.255"},
{ "8", "/8", "255.0.0.0", "0.255.255.255"},
{ "7", "/7", "254.0.0.0", "1.255.255.255"},
{ "6", "/6", "252.0.0.0", "3.255.255.255"},
{ "5", "/5", "248.0.0.0", "7.255.255.255"},
{ "4", "/4", "240.0.0.0", "15.255.255.255"},
{ "3", "/3", "224.0.0.0", "31.255.255.255"},
{ "2", "/2", "192.0.0.0", "63.255.255.255"},
{ "1", "/1", "128.0.0.0", "127.255.255.255"},
{ "0", "/0", "0.0.0.0", "255.255.255.255" }
} ;
- jared
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
| http://puck.nether.net/~jared/
