On Thu, 17 Jul 2003, Mikael Abrahamsson wrote:
On Wed, 16 Jul 2003, Darrell Kristof wrote:
Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
IS anyone seeing this exploited in the wild? It'd be good to know if we need to do panic upgrade or can schedule it for our next maintenance window (which is during the weekend).
According to the cisco advisory, there are no reports of public knowledge of the exploit nor has anyone been detected using the exploit. Since Cisco is keeping the packet information confidential, you can't program an IDS to detect it (i.e. no signature is available). But if your router does hang up, the cisco advisory includes information about checking if you've been hit by this bug; versus the numerous other bugs :-( Cisco stated if they receive any reports of the exploit in the wild, they will re-issue the advisory with the updated information.