IP Permit Lists will not provide any mitigation against this vulnerability.
The race is on, who will find your switches first?
yes, i often wondered why the permit list allows the session to connect
then
gives you a polite message before disconnecting.
anyway this is only on catos..
Steve
I have been up to my ears in UDP-TCP-ACK-SYN Attacks for a couple of weeks now. And IP Lists are useless when the attacker base exceeds that of the router's memory, therefore I agree. Paul Vixie stated earlier that there were/are some "short on work" Cisco BGP/Router Engineers here or around this channel. If that is in-fact the case then I could use some paid help and welcome anyone that wants to strike out on their own and hang up their own shingle. Peter 301-340-1533