|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Protecting inbound interfaces (re: Cisco exploit)
Depends on the platform; if it is a Cisco GSR or 7500 (w/ sufficiently current IOS), you can look into using a Receive ACL (rACL). The Cisco advisory being sent around in the discussion of the latest vulnerability has a link to more info for Cisco rACLs - Wayne Rick Ernst wrote: Is there a way to globally protect all inbound interfaces on a router via ACL (specifically hundreds of frame/sub-interfaces) without applying the same ACL to each individual interface? Is the "line vty" config only for telnet/ssh, etc. or is it the magic global that I'm looking for? I'd post this on inet-access but this is where the conversation is taking place. Thanks, Rick
|