Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Filter multicast 224.0.0.0/4

Ok I just hooked up an aDSL cisco 877 at a customers site. I ran a nessus audit on the external IP of that router and everything passes except for the following.

Description:

Your machine answers to TCP packets that are coming from a multicast

address. This is known as the 'spank' denial of service attack.

An attacker might use this flaw to shut down this server and

saturate your network, thus preventing you from working properly.

This also could be used to run stealth scans against your machine.

Solution : contact your operating system vendor for a patch.

Filter out multicast addresses (224.0.0.0/4)

Ok so I read this message and figured ok on my inbound access-list I should just add the following: deny ip 224.0.0.0 0.255.255.255 but that did not help.

Have any ideas on what I could do to filter out 224.0.0.0/4

Thanks,

LD

2 REPLIES
Hall of Fame Super Gold

Re: Filter multicast 224.0.0.0/4

LD

It is not clear from what you posted whether the 224.0.0.0 is the source address or the destination. But it needs to be the destination address. Also the mask that you gave will not filter /4 but would essentially filter /24. If you try this you should find that it works:

deny ip any 224.0.0.0 15.255.255.255

Depending on your particular environment filtering out all multicast may or may not be a desirable thing to do. But if you believe that you want to do it this version of the access list should get it done. Of course there should be some other things in the access list = deny other unwanted traffic and permit desirable traffic.

HTH

Rick

Community Member

Re: Filter multicast 224.0.0.0/4

Ok this worked out just fine, I just needed to do deny ip 224.0.0.0 15.255.255.255 any...

I guess my question is why I would need to do this? I already had an access-list setup on my inbound traffic. I thought at the end of all access-lists there was an explicit deny.

LR

1080
Views
0
Helpful
2
Replies
CreatePlease to create content