RE: Advisory - tunneling of IP at exchange points.
Thanks Paul, wonderful job. Side-note (taken from the exploit write-up http://www.linx.net/tunnel-advisory.txt):
// Adding "log-input" to the end of each access-list line will log
// the hardware address of the sender for good measure. IOS 11.1
// and upwards only (from memory)
We find log-input to be very unreliable and often producing wrong information. It indeed operates differently across the 11.1 train (no comment on 11.2 offered); I think 11.1.15 breaks it badly. Albeit improperly worded and not well defined in print on CCO, please reference Cisco BUGid CSCdj40503 prior to trusting log-input for any valid info.

Best regards,
David Van Allen - FASTNET(tm) / You Tools Corporation
dave@fast.net (888)321-FAST(3278) http://www.fast.net
FASTNET - Business and Personal Internet Solutions
-----Original Message-----
From: Paul Thornton [SMTP:prt@linx.net]
Sent: Tuesday, November 25, 1997 9:47 AM
To: nanog@merit.edu
Cc: eof@ripe.net; se-gix@sunet.se; mae-east-tech@uu.net; membership@linx.net; ops@linx.net
Subject: Advisory - tunneling of IP at exchange points.
-- PLEASE NOTE: If you are replying to this, consider pruning the list
-- of cc's rather than crossposting replies wildly! Thanks.
[snip]
The LINX and several of its members have recently had to take action against an ISP that was using GRE tunneling between exchange points to appropriate the capacity of other ISPs.
Keith Mitchell
Chairman London InterNet Exchange keith@linx.org Geneva House, 3 Park Road Peterborough PE1 2UX United Kingdom Phone: +44 1733 705000 (fax 353929)
Paul
-- Paul Thornton, Network Engineer, London Internet Exchange Ltd. Tel: 07000 783797 Mobile: +44 467 372205
On Wed, 26 Nov 1997, Dave Van Allen wrote:

==>We find log-input to be very unreliable and often producing wrong
==>information. It indeed operates differently across the 11.1 train (no
==>comment on 11.2 offered); I think 11.1.15 breaks it badly. Albeit
==>improperly worded and not well defined in print on CCO, please reference
==>Cisco BUGid CSCdj40503 prior to trusting log-input for any valid info.

CSCdj40503 simply fixes a problem where packets are not logged under certain conditions. It doesn't change any information. I've never seen a problem with log-input reporting bad information; if you have and can reproduce, please document and contact your normal support channels to fix this valuable tool.

/cah