North American Network Operators Group


Re: CISCO ADMINISTRATORS: Operational - URGENT

  • From: David Brouda
  • Date: Thu Aug 13 16:04:43 1998

It should be noted that there is a workaround:

From the field notice:

It is possible to work around this problem by preventing interactive
access to the Cisco IOS device. If only IP-based interactive access is
of concern, this can be done by using the ip access-class line
configuration to apply an access list to all virtual terminals in the
system. However, it is important to remember that non-IP-based means of
making interactive connections to Cisco IOS devices do exist, and to
eliminate those means as possible routes of attack. Interactive access
can be prevented completely by applying the configuration command
no exec to any asynchronous line, or the command transport input none
to any virtual terminal line, that may be accessible to untrusted users.

So upgrading code on the routers is not needed if you only have telnet
access and apply the appropriate ACL.

-David

> Cisco will be releasing a field notice of an IOS vulnerability to *most*
> IOS images.  Attackers need not be able to actually login to the device to
> cause it to reboot/crash.  Details of the notice are available @
> http://www.cisco.com/warp/public/770/ioslogin-pub.shtml


--
David Brouda                    Verio Pennsylvania
Phone: 215/387-6305             3700 Market Street, Suite 307
Fax: 215/387-6302               Philadelphia, PA 19104
mailto:[email protected]        http://pennsylvania.verio.net
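
Added example (not part of the original post or of Cisco's notice): a short Python audit that reads a saved running-config and lists the line stanzas that still lack the workaround quoted above. The sample config, the function names, the use of the line-mode syntax "access-class <acl> in", and the decision to skip the console line are assumptions made for this illustration.

```python
import re
# Constructed sample running-config fragment (not from the original post).
SAMPLE_CONFIG = """\
line con 0
line aux 0
 no exec
line 1 8
 transport input all
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 login
line vty 16 20
 transport input none
"""

def parse_line_stanzas(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def audit(config):
    """Return headers of line stanzas that lack the notice's workaround."""
    findings = []
    for header, cmds in parse_line_stanzas(config).items():
        kind = header.split()[1]
        if kind == "con":
            continue  # assumption: console is physically controlled
        if kind == "vty":
            # Only proves an ACL is attached; its entries still need review.
            ok = ("transport input none" in cmds or
                  any(re.match(r"access-class \S+ in\b", c) for c in cmds))
        else:
            ok = "no exec" in cmds  # aux / numbered asynchronous lines
        if not ok:
            findings.append(header)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A stanza reported here is one where interactive access is still reachable by the notice's criteria; an empty list means every non-console line carries one of the quoted commands.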