North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Cisco Vulnerability Testing Results

  • From: Jason Frisvold
  • Date: Fri Jul 18 10:51:29 2003

Hi all,

	First post..  I hope this is ok ...

	We tested the Cisco vulnerability and I wanted to share our results
with you ...

	The attack code we used is the same code that was posted to the Full
Disclosure list.   Compiled on a Redhat Linux 6.2 machine.

Testing scenario is this : 

Linux Machine (
Cisco 2514 
   Ethernet0 ( is in from the attacker 
   Ethernet1 ( is output to the 2501 
Cisco 2501 
   Ethernet0 ( is in from the 2514 

First attack was to the 2514, ran the program as thus : 

./sc 1 

This produced unexpected results. Cisco indicated that the vulnerability
was on the interface specified in the packets. However, after running
this, it was actually the INPUT interface that the input queue increased
on. In our test, this was Ethernet0, not Ethernet1 as expected. 

Next attach was to the 2501 : 

./sc 2 

This produced expected results. Input queue did increase on the 2501. 

Next we tried a pass-through attack : 

./sc 0 
./sc 1 

No interfaces on either Cisco were affected. It seems that pass-through
attacks are not possible. The attack *must* terminate on an IP on one of
the router interfaces.

An additional test to both routers using a high TTL value was also run. 
No interfaces were affected.  This is in-line with Cisco's posting.

Code was then upgraded on the 2514 to 12.0.27 (non-vulnerable) .. Tests
were run again. This time, the 2514 was not affected by any tests. The
2501 was still vulnerable.

I will be testing ACL's in a moment, but I wanted to get these results
out and see if they were on-par with any testing anyone else has done.

Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
[email protected]
RedHat Engineer - RHCE # 807302349405893
Cisco Certified - CCNA # CSCO10151622
MySQL Core Certified - ID# 205982910
"Imagination is more important than knowledge.
Knowledge is limited. Imagination encircles
the world."
      -- Albert Einstein [1879-1955]

Attachment: signature.asc
Description: This is a digitally signed message part