Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: CISCO ADMINISTRATORS: Operational - URGENT

  • From: David Brouda
  • Date: Thu Aug 13 16:04:43 1998

It should be noted that there is a workaround:

>From the field notice:

It is possible to work around this problem by preventing interactive
access to the Cisco IOS device. If only IP-based
interactive access is of concern, this can be done by using the ip
access-class line configuration to apply an access list to
all virtual terminals in the system. However, it is important to remember
that non-IP-based means of making interactive
connections to Cisco IOS devices do exist, and to eliminate those means as
possible routes of attack. Interactive access can
be prevented completely by applying the configuration command no exec to
any asynchronous line, or the command
transport input none to any virtual terminal line, that may be accessible
to untrusted users.

So upgrading code on the routers is not needed if you only have telnet
access and apply the appropriate ACL.

-David

> Cisco will be releasing a field notice of an IOS vulnerability to *most*
> IOS images.  Attackers need not be able to actually login to the device to
> cause it to reboot/crash.  Details of the notice are available @
> http://www.cisco.com/warp/public/770/ioslogin-pub.shtml


--
David Brouda                    Verio Pennsylvania
Phone: 215/387-6305             3700 Market Street, Suite 307
Fax: 215/387-6302               Philadelphia, PA 19104
mailto:dbrouda@verio.net        http://pennsylvania.verio.net





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.