9 Jun
2004
9 Jun
'04
4:19 p.m.
On Wed, 9 Jun 2004, Sean Donelan wrote:
On Mon, 7 Jun 2004, McBurnett, Jim wrote:
Aside from that, Use ACL's out the wazoo on the VTY lines and limit access to that to say 1 SSH enabled router or 1 IPSEC enabled router...
It doesn't really matter if you use SSH, Telnet or HTTP; if you can send evil packets to the router/switch and it falls over and dies.
http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml
IP Permit Lists will not provide any mitigation against this vulnerability.
The race is on, who will find your switches first?
yes, i often wondered why the permit list allows the session to connect then gives you a polite message before disconnecting. anyway this is only on catos.. Steve