|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Cisco IOS vulnerability
From: Octavio Novoa (ONOVOA
diveo.net.pe)
Date: Fri Jul 18 2003 - 15:41:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've tried myself the undefinied ACL as "not of the others rule" but never
worked out. I always specify the last acl as "permit everything I do not
want to deny".
______________________________
Octavio Novoa Linares
DIVEO Telecomunicaciones del Perú
Ph. 511-4224522 Ext. 2154 Fax 511-4220064
AIM Id: onovoa 99
-----Mensaje original-----
De: Mitchell Rowton [mailto:mitchellattackprevention.com]
Enviado el: Viernes, 18 de Julio de 2003 02:24 p.m.
Para: wangwsingnet.com.sg; Gustavo Kruel; incidentssecurityfocus.com
Asunto: Re: Cisco IOS vulnerability
I just looked this up to verify my memory, in Managing Cisco Network
Security by Michael Wenstrom (p.713) it says that undefined access list
equals permit any. I'm not saying it is true... just referencing that
book.
But in this case a "tcp established" ACL isn't empty anyway. Yeah,
this should be fine.
____________________________________________________
http://www.attackprevention.com
Information Security documents, articles, and policy
>
> My understanding of the basic way cisco ACL works are: if your ACL is
not
> empty, then any unmatched packet (with ACL list) will be dropped,
like a
> default deny all. So in your case, the supposedly attack packets all
use
> protocol 53, 55 etc, thus won't match anything in your ACL list, thus
shall be
> dropped. So for this particular attack, it shall be OK (provided the
ACL has
> applied to the external interface for external attacks).
>
> Any cisco expert has any comment / confirmation on this?
>
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training
sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's
to
"underground" security specialists. See for yourself what the buzz is
about!
Early-bird registration ends July 3. This event will sell out.
www.blackhat.com
----------------------------------------------------------------------------
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]