Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
3
Helpful
2
Replies

Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service

MICHAEL CICCONE
Level 1
Level 1

‎01-30-2007 08:27 AM - edited ‎03-09-2019 05:18 PM

Hello,

Question regarding the work around for the recent Cisco Security Advisory (cisco-sa-20070124). The link to this advisory is here:http://www.cisco.com/en/US/customer/products/products_security_advisory09186a00807cb0e4.shtml#vuln

The work around says to create an access-list for example:

access-list 150 permit tcp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK

So trusted_hosts, is that the hosts on my network?

Infrastructure_addresses, is this my routers

I'm not sure what they are saying here. If anyone could shed some light, that would be great

Thanks

Mike

Labels:
0 Helpful
2 Replies 2

timmk
Level 1
Level 1

‎01-31-2007 10:42 AM

Pretty close. Trusted hosts SHOULD be hosts that are A.,trusted and B., require access to those devices. So as an example "TRUSTES_HOSTS" could be management stations, admin desktops, or whatever is required to have access and you is "trusted". Ideally infrastructure address space should only be reachable from trusted users that need access and no one else. Infrastructure space would likely include addresses for routers, firewalls, switches , authentication servers, monitoring servers, basically anything that makes the network run and keeps it alive. Hope this helps.

MICHAEL CICCONE
Level 1
Level 1
In response to timmk

‎01-31-2007 12:03 PM

Great... Thanks for the help

0 Helpful
Customers Also Viewed These Support Documents