I just got a report from our security scan company that we failed our quarterly audit because:
Category: Denial of Service
Summary: Sends a TCP packet from a multicast address
Your machine answers to TCP packets that are coming from a multicast address. This is known as the 'spank' denial of service attack. An attacker might use this flaw to shut down this server and saturate your network, thus preventing you from working properly. This also could be used to run stealth scans against your machine.
Solution: contact your operating system vendor for a patch.
Filter out multicast addresses (188.8.131.52/4)
Do I just need to put a statement in my outside interface access-list denying this? I'm not sure why I would need this since there is supposed to be an explicit deny all at the end of every access-list. Is that not correct?
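The point the question turns on is how a first-match access-list is evaluated: the implicit deny at the end only catches packets that matched no earlier line, so a packet with a spoofed source in the IPv4 multicast block (224.0.0.0/4) and a destination your ACL already permits (say, TCP/80 to a published web server) matches the permit line on "any" source and never reaches the implicit deny. The following added example (not from the original post or any Cisco document) is a small Python model of that evaluation order. The rule names, the RFC 5737 documentation addresses, and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IANA-assigned IPv4 multicast block (class D): 224.0.0.0 - 239.255.255.255
MULTICAST = ipaddress.ip_network("224.0.0.0/4")


@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    """One access-list entry, in the spirit of 'permit tcp any host X eq 80'."""
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches any transport, else "tcp"/"udp"
    src: str                    # CIDR or "any"
    dst: str                    # CIDR or "any"
    dport: Optional[int] = None # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.src != "any" and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst != "any" and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation with an implicit deny-all at the end.

    Returns (action, index of the matching rule); index is None when the
    packet fell through to the implicit deny.
    """
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def has_multicast_source(pkt: Packet) -> bool:
    """True when the source address lies in 224.0.0.0/4, which is never a
    legitimate unicast sender and is what the scan report is flagging."""
    return ipaddress.ip_address(pkt.src) in MULTICAST


# Constructed inbound ACL for an outside interface: web traffic only.
# 203.0.113.10 is an RFC 5737 documentation address, not a real host.
WEB_SERVER = "203.0.113.10/32"
PERMIT_ONLY = [
    Rule("permit", "tcp", "any", WEB_SERVER, 80),
    Rule("permit", "tcp", "any", WEB_SERVER, 443),
]

# Same ACL with an explicit deny for multicast sources placed BEFORE the permits.
WITH_MULTICAST_DENY = [Rule("deny", "ip", str(MULTICAST), "any")] + PERMIT_ONLY

# Constructed sample packets.
SPOOFED_PROBE = Packet("224.0.0.1", "203.0.113.10", "tcp", 80)     # multicast source, permitted port
NORMAL_CLIENT = Packet("198.51.100.5", "203.0.113.10", "tcp", 443)  # legitimate client
SSH_ATTEMPT = Packet("198.51.100.5", "203.0.113.10", "tcp", 22)     # no permit line: implicit deny


if __name__ == "__main__":
    for name, acl in (("permit-only", PERMIT_ONLY), ("with multicast deny", WITH_MULTICAST_DENY)):
        for pkt in (SPOOFED_PROBE, NORMAL_CLIENT, SSH_ATTEMPT):
            action, idx = evaluate(acl, pkt)
            print(f"{name:20} {pkt.src:>14} -> {pkt.dst}:{pkt.dport}  {action} (rule {idx})")
```

Running this shows the spoofed probe permitted by rule 0 of the permit-only list and denied by rule 0 once the explicit multicast deny is in front, while the legitimate client and the implicit-deny case behave the same in both lists. The practical takeaway for the ACL itself is that the deny must sit above any permit whose source is "any", and logging it is worthwhile since a multicast source address is unambiguous evidence of spoofing rather than a misconfigured client.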