OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: specifics on cisco DOS?

Re: specifics on cisco DOS?

Jared Mauch (jaredPUCK.NETHER.NET)
Mon, 17 Aug 1998 14:40:39 -0400 

On Mon, Aug 17, 1998 at 05:43:36PM +0000, Roger Books wrote:
> Does anyone have specifics on the latest DoS on cisco routers?
>
> http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
>
> I have been assigned the task of determining not only if
> we are vulnerable, but how difficult it is to perform

        Vulnerability should be fairly easy to determine via
"sh ver"

        A "good" way to cause this to no longer be an issue
for you is to assign inbound-vty access-lists on your routers,
such that you can only telnet to them from certain ip addresses,
hosts, etc..

        Here's an example of your config you would need to insert
to your cisco router.

access-list 50 permit 10.20.128.0 0.0.63.255
line vty 0 4
 access-class 50 in
 login
!

        This will allow 10.20.128.0/18 to telnet into your router ONLY.
This will also help prevent joe-blow user from the internet
to determine your router vendor.  (Unless you do
something silly like use snmp-server community public, or don't
acl your snmp-server community public).

        A "good thing(tm)" IMHO.

        For your reference, here's the various subnet masks
from one of my cisco-acl programs, so you can do this without problems:

        Format: cidr, cidr+slash, mask, cisco inverted-mask

char lookupnfo[][4][16] = { { "32", "/32", "255.255.255.255", "0.0.0.0" },
                        {"31", "/31", "255.255.255.254", "0.0.0.1"},
                        {"30", "/30", "255.255.255.252", "0.0.0.3"},
                        {"29", "/29", "255.255.255.248", "0.0.0.7"},
                        {"28", "/28", "255.255.255.240", "0.0.0.15"},
                        {"27", "/27", "255.255.255.224", "0.0.0.31"},
                        {"26", "/26", "255.255.255.192", "0.0.0.63"},
                        {"25", "/25", "225.255.255.128", "0.0.0.127"},
                        {"24", "/24", "255.255.255.0", "0.0.0.255"},
                        {"23", "/23", "255.255.254.0", "0.0.1.255"},
                        {"22", "/22", "255.255.252.0", "0.0.3.255"},
                        {"21", "/21", "255.255.248.0", "0.0.7.255"},
                        {"20", "/20", "255.255.240.0", "0.0.15.255"},
                        {"19", "/19", "255.255.224.0", "0.0.31.255"},
                        {"18", "/18", "255.255.192.0", "0.0.63.255"},
                        {"17", "/17", "255.255.128.0", "0.0.127.255"},
                        {"16", "/16", "255.255.0.0", "0.0.255.255"},
                        {"15", "/15", "255.254.0.0", "0.1.255.255"},
                        {"14", "/14", "255.252.0.0", "0.3.255.255"},
                        {"13", "/13", "255.248.0.0", "0.7.255.255"},
                        {"12", "/12", "255.240.0.0", "0.15.255.255"},
                        {"11", "/11", "255.224.0.0", "0.31.255.255"},
                        {"10", "/10", "255.192.0.0", "0.63.255.255"},
                        { "9",  "/9", "255.128.0.0", "0.127.255.255"},
                        { "8",  "/8", "255.0.0.0", "0.255.255.255"},
                        { "7",  "/7", "254.0.0.0", "1.255.255.255"},
                        { "6",  "/6", "252.0.0.0", "3.255.255.255"},
                        { "5",  "/5", "248.0.0.0", "7.255.255.255"},
                        { "4",  "/4", "240.0.0.0", "15.255.255.255"},
                        { "3",  "/3", "224.0.0.0", "31.255.255.255"},
                        { "2",  "/2", "192.0.0.0", "63.255.255.255"},
                        { "1",  "/1", "128.0.0.0", "127.255.255.255"},
                        { "0",  "/0", "0.0.0.0", "255.255.255.255" }
                } ;

        - jared

--
Jared Mauch  | pgp key available via finger from jaredpuck.nether.net
             | http://puck.nether.net/~jared/