TCP state manipulation vulnerabilities in IOS

Pete89
Level 2

Hello,

With the recent news about TCP state manipulation, I have found out that I have an older Internet-facing router that is vulnerable to attack.

It's a c2621 running:

IOS (tm) C2600 Software (C2600-IS4-M), Version 12.3(26), RELEASE SOFTWARE (fc2)

The router only has 16 MB of flash and 64 MB of main (RAM) memory.

The patched IOS releases all require 32 MB of flash memory and 128 MB of RAM.

What can I do today to work around this obvious problem?

Thanks,

Pedro

3 Replies

Richard Burts
Hall of Fame

Pedro

I am not sure that there is any attractive answer for your situation. It looks like if you want to get code that fixes the problem (generally the preferred solution), you would have to upgrade the hardware.

As I understand the description of the problem, to execute the attack the bad guy must complete the three-way handshake with the router. So probably your best workaround is to control very tightly what is allowed to establish a TCP connection to the router. I would start with the access list on the public-facing interface (you do have an access list on that interface?). Make sure that connections to the router on TCP-based services are denied, or if they need to be allowed, make sure that you restrict the addresses that are allowed to make the connection. After you have controlled TCP access from outside, you might want to make a similar effort to control access from inside.

HTH

Rick

The only thing this router does is DNS. It answers queries (UDP) and does zone transfers (TCP) with certain allowed hosts. Everything else is blocked.

I think I am looking ok.

Thoughts?

Pedro

If everything else is blocked and if you are controlling who can do zone transfers, then I believe that you are ok.

HTH

Rick
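The following is an added illustration of the workaround Rick describes and the traffic profile Pedro gives (UDP DNS queries from anywhere, TCP zone transfers only from named hosts, everything else blocked); it is not configuration posted by either participant. The interface name, the access-list names and every IP address (drawn from the RFC 5737 documentation ranges) are placeholders and must be replaced with the real values. The `!` lines are IOS comment lines and are ignored by the parser.

```cisco
! Inbound filter for the public-facing interface (hypothetical name PUBLIC-IN).
! The router's own public address is assumed to be 192.0.2.1 and the two
! secondaries allowed to pull zone transfers 198.51.100.10 and 198.51.100.11.
ip access-list extended PUBLIC-IN
 remark --- DNS queries may come from anywhere, but over UDP only
 permit udp any host 192.0.2.1 eq domain
 remark --- zone transfers (TCP/53) only from the secondary name servers
 permit tcp host 198.51.100.10 host 192.0.2.1 eq domain
 permit tcp host 198.51.100.11 host 192.0.2.1 eq domain
 remark --- every other TCP connection attempt to the router is dropped
 remark --- before its TCP stack ever sees the SYN; log hits for monitoring
 deny   tcp any host 192.0.2.1 log
 remark --- nothing else is expected on this box, so deny the rest as well
 deny   ip any any log
!
! Apply it inbound on the Internet-facing interface (name is a placeholder).
interface FastEthernet0/0
 ip access-group PUBLIC-IN in
!
! Same idea from the inside, per Rick's last suggestion: only the management
! station (assumed 10.0.0.5) may open a vty session to the router.
ip access-list standard MGMT-HOSTS
 permit 10.0.0.5
 deny   any log
!
line vty 0 4
 access-class MGMT-HOSTS in
 exec-timeout 5 0
!
! Checks after applying:
!   show access-lists PUBLIC-IN   - per-entry hit counters; the "deny tcp" line
!                                    should be accumulating the attempts you want
!                                    stopped, the two zone-transfer permits only
!                                    counting during scheduled transfers
!   show tcp brief                - any ESTABLISHED session whose foreign
!                                    address is not a listed secondary or the
!                                    management host is a policy gap
```

Two caveats a practitioner would want noted. First, the interface ACL also governs transit traffic, so if this router forwards anything besides DNS, the permits for that traffic must be added above the final `deny ip any any`. Second, `access-class` on the vty lines is defence in depth for access from the inside; the interface ACL remains the primary control, because it discards the SYN before the router's own TCP stack has to hold any state for it, which is exactly what Rick's reasoning about the three-way handshake relies on.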