Bugtraq mailing list archives

Re: Three possible DoS attacks against some IOS versions.


From: Sharad Ahlawat <sahlawat () cisco com>
Date: Tue, 11 Jun 2002 23:28:20 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This email is in response to the BugTraq posting at
http://online.securityfocus.com/archive/1/276270/2002-06-08/2002-06-14/2

Cisco is currently working on Cisco Bug Id CSCdx82139 to ensure that 
HSRP validates the destination IP address of packets received, before 
processing them. This will be integrated in all new releases of IOS.

In the interim the steps documented by Shane at
http://online.securityfocus.com/archive/1/276347/2002-06-08/2002-06-14/2
could be used as best practice.

On Saturday June 8 2002 02:21, Felix Lindner wrote:
Sharad Ahlawat wrote:
an excerpt from RFC 2281 - Cisco HSRP

7. Security Considerations

[SNIP]

 It is difficult to subvert the protocol from outside the
 LAN as most routers will not forward packets addressed to the
 all-routers multicast address (224.0.0.2).

This does not prevent remote attacks because Cisco devices do not
validate the destination address of an HSRP packet. Unicast packets
are accepted, which can be tested using the hsrp tool at
http://www.phenoelit.de/irpas/

Regards
/F

- -- 
Sharad Ahlawat.
Product Security Incident Response Team (PSIRT) Incident Manager
http://www.cisco.com/go/psirt
Phone:+1 (408) 527-6087 (Land line and Mobile)
DH/DSS key Id: 0xC12A996C
Fingerprint: 9A93 2A20 43E5 7F01 2954  C427 1A81 A898 C12A 996C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9BuoEGoGomMEqmWwRAgVdAJ4jb3rvk+ha+a55JJvGmNVwHO6GZQCfUypa
/7CfuGKx+P3w2zo7gv/2v4E=
=B1E/
-----END PGP SIGNATURE-----
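As an added illustration of the point in this thread (this is example code written here, not Cisco's fix for CSCdx82139 and not the irpas tool): a small parser for IPv4/UDP frames carrying HSRPv1 (UDP port 1985, 20-byte body laid out as in RFC 2281), the destination-address check that the fix describes (HSRPv1 must arrive at the all-routers multicast address 224.0.0.2), and an audit routine a defender can run over captured frames to flag HSRP packets that were delivered to a unicast address instead. The frames are constructed inline by `build_frame`; all addresses and field values are made up for the example.

```python
"""Added example: HSRPv1 destination-address validation and detection.

Not code from the original post, from Cisco, or from the irpas project.
Packet layout follows RFC 2281 (IPv4 -> UDP/1985 -> 20-byte HSRPv1 body);
every address and value below is constructed for illustration.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

HSRP_PORT = 1985
HSRP_ALL_ROUTERS = ipaddress.IPv4Address("224.0.0.2")  # RFC 2281 multicast destination
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}


@dataclass
class HsrpPacket:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    opcode: int
    state: int
    priority: int
    group: int
    virtual_ip: ipaddress.IPv4Address


def parse_ipv4_udp_hsrp(frame: bytes) -> Optional[HsrpPacket]:
    """Return an HsrpPacket if `frame` is an IPv4/UDP datagram to port 1985
    carrying a 20-byte HSRPv1 body; otherwise None (not HSRP, or malformed)."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4            # IPv4 header length in bytes
    if frame[9] != 17 or len(frame) < ihl + 8:  # protocol 17 = UDP
        return None
    src = ipaddress.IPv4Address(frame[12:16])
    dst = ipaddress.IPv4Address(frame[16:20])
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", frame[ihl:ihl + 8])
    if dport != HSRP_PORT:
        return None
    body = frame[ihl + 8:ihl + ulen]
    if len(body) < 20:
        return None
    # RFC 2281 body: version, opcode, state, hellotime, holdtime, priority,
    # group, reserved (8 x 1 byte), 8 bytes auth data, 4 bytes virtual IP.
    _ver, opcode, state, _hello, _hold, prio, group, _res = struct.unpack("!8B", body[:8])
    vip = ipaddress.IPv4Address(body[16:20])
    return HsrpPacket(src, dst, opcode, state, prio, group, vip)


def hsrp_destination_ok(pkt: HsrpPacket) -> bool:
    """The validation the thread asks for: only accept HSRPv1 that was
    actually delivered to the all-routers multicast address."""
    return pkt.dst == HSRP_ALL_ROUTERS


def audit_frames(frames: List[bytes]) -> List[str]:
    """Defender-side view: report every HSRP packet whose destination is
    not 224.0.0.2 (i.e. a unicast HSRP packet, which should not occur on
    a healthy LAN)."""
    findings = []
    for frame in frames:
        pkt = parse_ipv4_udp_hsrp(frame)
        if pkt is None or hsrp_destination_ok(pkt):
            continue
        findings.append(
            f"unicast HSRP {OPCODES.get(pkt.opcode, pkt.opcode)} "
            f"(state {STATES.get(pkt.state, pkt.state)}, group {pkt.group}) "
            f"from {pkt.src} to {pkt.dst}; expected {HSRP_ALL_ROUTERS}"
        )
    return findings


def build_frame(src: str, dst: str, priority: int, state: int, group: int,
                virtual_ip: str, opcode: int = 0) -> bytes:
    """Construct a raw IPv4/UDP/HSRPv1 frame for testing (checksums left 0;
    the auth field carries the RFC 2281 default string)."""
    body = (struct.pack("!8B", 0, opcode, state, 3, 10, priority, group, 0)
            + b"cisco".ljust(8, b"\x00")
            + ipaddress.IPv4Address(virtual_ip).packed)
    udp = struct.pack("!HHHH", HSRP_PORT, HSRP_PORT, 8 + len(body), 0) + body
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1, 17, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return ip_hdr + udp


if __name__ == "__main__":
    # Constructed sample capture: one normal multicast Hello and one Hello
    # that arrived addressed to a router's unicast interface address.
    capture = [
        build_frame("10.0.0.1", "224.0.0.2", 100, 16, 1, "10.0.0.254"),
        build_frame("10.0.0.99", "10.0.0.2", 100, 16, 1, "10.0.0.254"),
    ]
    for line in audit_frames(capture):
        print(line)
```

The parser deliberately returns `None` rather than raising on anything that is not a well-formed HSRPv1 datagram, so the audit can be run over a whole capture. On the device side, the same `hsrp_destination_ok` test applied before any state-machine processing is the behaviour the Cisco bug describes.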
