[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
- From: "Dobbins, Roland" <rdobbins@xxxxxxxxx>
- Date: Fri, 2 Jul 2010 23:24:42 +0000
On Jul 3, 2010, at 2:05 AM, Mailing lists at Core Security Technologies wrote:
> Perhaps we should too ask and wait for actual data from Mr. Shang
I acknowledged this deeper in the thread - and also noted that since I've seen
the same kind of reported behavior not above two or three hundred times in the
past, that it sure looks like a classic RP DoS due to punted management-plane
traffic.
I used to work for Cisco, and have the highest respect for the PSIRT team; I'm
sure if there's an issue beyond simple BCPs, they'll resolve it.
In the meantime, everyone should ensure that their networks disallow control-
and management-plane traffic from unauthorized nodes via iACLs, CoPP, et. al.;
and also investigate rate-limiting management- and control-plane traffic in a
situationally-appropriate manner via CoPP, HWRL, et. al.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@xxxxxxxxx> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/