RE: Cisco Workaround

[Ghaith Nasrawi <libero () aucegypt edu>]

Well your solutions assume that I know the source of traffic coming to
my server, which is a very restrictive case that isn't very realistic
with today's world. Also, I tried the exploit with the latest IOS on
2651 router before adding the new ACLs, and it's still vulnerable.


./Ghaith
===============

Today is the tomorrow you worried about yesterday





-----Original Message-----
From: Tim Donahue [mailto:TDonahue () haynesconstruction com] 
Sent: Friday, July 25, 2003 10:43 PM
To: 'Ghaith Nasrawi'
Cc: firewalls () securityfocus com; security-basics () securityfocus com
Subject: RE: Cisco Workaround

Hmmm.... Why don't you open up the protocols from the addresses that you
need.  Isn't this a standard firewalling technique?

Plus I believe that they said that there are new versions of IOS that
are
not vulnerable to this attack, which means that you can upgrade IOS and
resolve the issute all together.

Tim Donahue



> -----Original Message-----
> From: Ghaith Nasrawi [mailto:libero () aucegypt edu] 
> Sent: Friday, July 25, 2003 11:33 AM
> Cc: firewalls () securityfocus com; security-basics () securityfocus com
> Subject: RE: Cisco Workaround
>
>
> Well, my question is; what the hell if I was using any of 
> these protocols?? Didn't cisco think of that?? They should 
> have suggested a more decent solution.
>
>
> ./Ghaith
> ===============
>
> Today is the tomorrow you worried about yesterday
>
>
>
>
>
> -----Original Message-----
> From: jamesworld () intelligencia com 
> [mailto:jamesworld () intelligencia com]
>
> Sent: Wednesday, July 23, 2003 6:48 PM
> To: Alvaro Gordon-Escobar
> Cc: firewalls () securityfocus com; security-basics () securityfocus com
> Subject: Re: Cisco Workaround
>
> Alvaro,
>
> No.  The protocol blocked by the access-list is protocol 53 
> not protocol
>
> TCP or protocol UDP port 53.
>
> If you need further info, let me know,
>
> -James
>
>
>
> At 09:15 7/23/2003, Alvaro Gordon-Escobar wrote:
> > will this access list modification prevent my internal DNS 
> server from
> > updates to it self from my telco's DNS server?
> >
> > access-list 101 deny 53 any any
> > access-list 101 deny 55 any any
> > access-list 101 deny 77 any any
> > access-list 101 deny 103 any any
> > !--- insert any other previously applied ACL entries here
> > !--- you must permit other protocols through to allow normal
> > !--- traffic -- previously defined permit lists will work
> > !--- or you may use the permit ip any any shown here access-list 101 
> > permit ip any any
> >
> > Thanks in advance
> >
> > ~alvaro Escobar
> >
> > -------------------------------------------------------------
> ----------
> ----
> > -------------------------------------------------------------
> ----------
> -----
>
>
> --------------------------------------------------------------
> ----------
> ---
> --------------------------------------------------------------
> ----------
> ----
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------