09-10-2009 08:04 AM - edited 03-09-2019 10:33 PM
Hello,
With the recent news about TCP state manipulation I have found out I have an older Internet facing router that is vulnerable to attack.
It's a c2621 running:
IOS (tm) C2600 Software (C2600-IS4-M), Version 12.3(26), RELEASE SOFTWARE (fc2)
The router only has 16 MB of flash and 64 MB of main (RAM) memory.
The patched IOS releases all require 32 MB of flash memory and 128 MB of RAM.
What can I do today to work around this obvious problem?
Thanks,
Pedro
09-10-2009 09:17 AM
Pedro
I am not sure that there is any attractive answer for your situation. It looks like if you want to get code that fixes the problem (generally the preferred solution) that you would have to upgrade the hardware.
As I understand the description of the problem, to execute the attack the bad guy must complete the three-way handshake with the router. So probably your best workaround is to control very tightly what is allowed to establish a TCP connection to the router. I would start with the access list on the public-facing interface (you do have an access list on that interface?). Make sure that connections to the router on TCP-based services are denied or, if they need to be allowed, make sure that you restrict the addresses that are allowed to make the connection. After you have controlled TCP access from outside you might want to make a similar effort to control access from inside.
HTH
Rick
09-10-2009 11:36 AM
The only thing this router does is DNS. It answers queries (UDP) and does zone transfers (TCP) with certain allowed hosts. Everything else is blocked.
I think I am looking ok.
Thoughts?
09-11-2009 04:52 AM
Pedro
If everything else is blocked and if you are controlling who can do zone transfers, then I believe that you are ok.
HTH
Rick
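Added example (not posted by either participant, and not taken from the Cisco documentation): an IOS named extended ACL that puts Rick's advice and Pedro's description together, permitting UDP DNS queries from anywhere, TCP zone transfers only from the one allowed secondary, and no other TCP session to the router. The router's public address (192.0.2.1), the allowed secondary (203.0.113.53) and the interface name are constructed placeholders; substitute your own, and if the DNS listener is a host behind the router rather than the router itself, use that host's address as the destination.

```cisco
! Constructed example: tighten TCP access to an Internet-facing DNS router.
! Assumes router address 192.0.2.1 and allowed secondary 203.0.113.53 (placeholders).
ip access-list extended OUTSIDE-IN
 remark DNS queries over UDP may come from anywhere
 permit udp any host 192.0.2.1 eq domain
 remark Zone transfers (TCP/53) only from the allowed secondary
 permit tcp host 203.0.113.53 host 192.0.2.1 eq domain
 remark Nothing else may open a TCP session to the router itself; log hits
 deny   tcp any host 192.0.2.1 log
 remark Add your normal transit policy below; the implicit deny drops the rest
!
interface Serial0/0
 description Internet-facing link (placeholder interface name)
 ip access-group OUTSIDE-IN in
!
! Same idea from the inside: only the management host may reach the vty lines.
ip access-list standard MGMT-HOSTS
 permit 192.0.2.10
!
line vty 0 4
 access-class MGMT-HOSTS in
```

Afterwards, `show ip access-lists OUTSIDE-IN` shows per-entry hit counters (the logged deny line is the one to watch), and `show tcp brief` lists every TCP session the router currently has open, which should contain only sessions from the addresses you expect.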