[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [afnog] cisco workaround



Hi, Kenneth.

] what workaround exists for the 11.3* IOS version? is is not listed in the
] versions that can be patched.are the ACLs enough?

The ACLs are enough, yes.  Be careful when blocking PIM (protocol
103) if you have Multicast on your network.  Keep in mind that a
router with PIM enabled on *any* interface is immune to the
protocol 103 attack vector.  Enabling PIM does not protect the
device from the protocols 53, 55, and 77 attack vectors, however.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);


__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>