[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [afnog] cisco workaround
- To: Kabagambe Kenneth <kenneth at eahd.or.ug>
- Subject: Re: [afnog] cisco workaround
- From: Rob Thomas <robt at cymru.com>
- Date: Fri, 18 Jul 2003 15:12:04 -0500 (CDT)
- Cc: AFNOG <afnog at afnog.org>
- Content-Type: TEXT/PLAIN; charset=US-ASCII
- Delivered-To: afnog-archive at lists.eahd.or.ug
- Delivered-To: afnog at afnog.org
- In-Reply-To: <18894.212.88.97.58.1058554514.squirrel at mail5.cfi.co.ug>
- List-Archive: <http://listserv4.cfi.co.ug/pipermail/afnog>
- List-Help: <mailto:afnog-request at afnog.org?subject=help>
- List-Id: The AfNOG general discussion list <afnog.afnog.org>
- List-Post: <mailto:afnog at afnog.org>
- List-Subscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=subscribe>
- List-Unsubscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=unsubscribe>
- Sender: afnog-bounces at afnog.org
Hi, Kenneth.
] what workaround exists for the 11.3* IOS version? is is not listed in the
] versions that can be patched.are the ACLs enough?
The ACLs are enough, yes. Be careful when blocking PIM (protocol
103) if you have Multicast on your network. Keep in mind that a
router with PIM enabled on *any* interface is immune to the
protocol 103 attack vector. Enabling PIM does not protect the
device from the protocols 53, 55, and 77 attack vectors, however.
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
__________________________________________________
This is the Africa Network Operators' Group(AfNOG)
technical discussion list.
The AfNOG website is: <http://www.afnog.org>