Cisco Support Community

New Member

Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service

Hello,

Question regarding the workaround for the recent Cisco Security Advisory (cisco-sa-20070124). The link to this advisory is here: http://www.cisco.com/en/US/customer/products/products_security_advisory09186a00807cb0e4.shtml#vuln

The workaround says to create an access-list, for example:

access-list 150 permit tcp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK

So trusted_hosts, is that the hosts on my network?

Infrastructure_addresses, is this my routers?

I'm not sure what they are saying here. If anyone could shed some light, that would be great.

Thanks

Mike

2 REPLIES
New Member

Re: Cisco Security Advisory: Crafted TCP Packet Can Cause Denial

Pretty close. Trusted hosts SHOULD be hosts that are A. trusted and B. require access to those devices. So as an example "TRUSTED_HOSTS" could be management stations, admin desktops, or whatever is required to have access and is "trusted". Ideally infrastructure address space should only be reachable from trusted users that need access and no one else. Infrastructure space would likely include addresses for routers, firewalls, switches, authentication servers, monitoring servers, basically anything that makes the network run and keeps it alive. Hope this helps.
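
An added example, not part of the original posts or the Cisco advisory: a short Python sketch that fills in the TRUSTED_HOSTS and INFRASTRUCTURE_ADDRESSES placeholders of the quoted access-list line and checks which packets the resulting entries match. It relies on the fact that MASK in an IOS extended ACL is a wildcard (inverse) mask; the addresses are constructed from documentation ranges and the helper names are hypothetical.

```python
import ipaddress

def wildcard(network):
    """Return (address, wildcard mask) for a CIDR, the form IOS extended ACLs use."""
    net = ipaddress.ip_network(network, strict=True)
    return str(net.network_address), str(net.hostmask)

def permit_entries(acl_number, trusted, infrastructure):
    """One 'permit tcp' entry per trusted-source / infrastructure-destination pair."""
    lines = []
    for src in trusted:
        for dst in infrastructure:
            s_addr, s_wild = wildcard(src)
            d_addr, d_wild = wildcard(dst)
            lines.append(
                f"access-list {acl_number} permit tcp {s_addr} {s_wild} {d_addr} {d_wild}"
            )
    return lines

def wildcard_match(addr, base, wild):
    """Wildcard semantics: bits set in the wildcard are ignored, all others must be equal."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def entry_permits(entry, src_ip, dst_ip):
    """True if a TCP packet src_ip -> dst_ip matches the given permit entry."""
    # Fields: access-list N permit tcp SRC SRC_WILD DST DST_WILD
    f = entry.split()
    return wildcard_match(src_ip, f[4], f[5]) and wildcard_match(dst_ip, f[6], f[7])

# Constructed sample values (RFC 5737 documentation ranges), not from the advisory.
TRUSTED_HOSTS = ["192.0.2.10/32", "192.0.2.32/28"]   # management station, admin desktops
INFRASTRUCTURE_ADDRESSES = ["198.51.100.0/24"]       # routers, switches, AAA servers

ENTRIES = permit_entries(150, TRUSTED_HOSTS, INFRASTRUCTURE_ADDRESSES)

if __name__ == "__main__":
    print("\n".join(ENTRIES))
    # An admin desktop inside 192.0.2.32/28 reaching a router address matches.
    print(entry_permits(ENTRIES[1], "192.0.2.40", "198.51.100.1"))
    # A host just outside the trusted block does not match any permit entry.
    print(any(entry_permits(e, "192.0.2.48", "198.51.100.1") for e in ENTRIES))
```
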

New Member

Re: Cisco Security Advisory: Crafted TCP Packet Can Cause Denial

Great... Thanks for the help
