North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: cisco IOS bug/exploit?
Barton F Bruce wrote: >There is a chance that you have a static for 0.0.0.0 0.0.0.0 to eth0 or >something like that even though the other end may be the only thing on the >ethernet. DON'T do that! > >The router will arp for every address it needs to get to. >With codered around, that can be bad. > >Use a static default to a real ip address. Use "no ip proxy-arp" (you should all be doing this anyway). With proxy ARP disabled, a default route to an ethernet interface won't work unless 0.0.0.0/0 really is connected at layer 2. >There is somthing on CCO about this. http://www.cisco.com/warp/public/63/ts_codred_worm.shtml Mark
|