[Snort-devel] Cisco IOS Interface Blocked by IPv4 Packets

Atul Shrivastava atul_iet at ...398...
Sun Jul 20 21:22:03 EDT 2003


I came to know about the following vulnerability in Cisco IOS about denial of service attacks (DDOS).

To give a brief description:
If an interface on a Cisco IOS device receives a rare, specially crafted sequence of IPv4 packets with any of protocol types 53, 55, 77 or 103, the device may incorrectly flag the input queue as full and will not process any inbound packets. This will cause routing protocols to drop on that interface. The device will have to be rebooted to clear the buffer queue. This attack can be repeated on all interfaces, causing the router to be remotely inaccessible, and can bring down the router.

A rule for this DDOS is not there in snort.rules.


Atul Shrivastava  
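
One way to flag the four IP protocol numbers named in the message above, as an added example that is not part of the original post and is not Snort's own code. The function names and the sample packets are constructed for illustration; the protocol names are the IANA keywords for those numbers.

```python
import struct
from collections import Counter

# IP protocol numbers named in the post, with their IANA keywords.
# PIM (103) is normal where multicast routing is deployed, so expect to
# tune that one per network.
WATCHED = {53: "SWIPE", 55: "MOBILE", 77: "SUN-ND", 103: "PIM"}
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header

def parse_ipv4(pkt):
    """Return (src, dst, proto) or None if pkt is not a sane IPv4 header."""
    if len(pkt) < IPV4_HDR.size:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = IPV4_HDR.unpack_from(pkt)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(pkt) < ihl:
        return None
    dotted = lambda a: ".".join(str(b) for b in a)
    return dotted(src), dotted(dst), proto

def scan(packets):
    """Return (alerts, per-source counts) for packets using a watched protocol."""
    alerts, per_src = [], Counter()
    for index, pkt in enumerate(packets):
        hdr = parse_ipv4(pkt)
        if hdr is None or hdr[2] not in WATCHED:
            continue
        src, dst, proto = hdr
        per_src[src] += 1
        alerts.append((index, src, dst, proto, WATCHED[proto]))
    return alerts, per_src

def sample_header(src, dst, proto, first_byte=0x45):
    """Constructed header for the demo (checksum left at 0, never sent)."""
    pack_ip = lambda s: bytes(int(o) for o in s.split("."))
    return IPV4_HDR.pack(first_byte, 0, 20, 0, 0, 64, proto, 0, pack_ip(src), pack_ip(dst))

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    sample_header("192.0.2.10", "203.0.113.1", 6),        # TCP: ignored
    sample_header("198.51.100.7", "203.0.113.1", 53),
    sample_header("198.51.100.7", "203.0.113.1", 103),
    sample_header("198.51.100.9", "203.0.113.1", 77),
    sample_header("198.51.100.9", "203.0.113.1", 55, first_byte=0x65),  # not IPv4
    b"\x45\x00\x00",                                       # truncated: skipped
]

if __name__ == "__main__":
    for alert in scan(SAMPLE)[0]:
        print("ALERT packet #%d %s -> %s ip_proto=%d (%s)" % alert)
```

The per-source counts returned by `scan` give a starting point for thresholding rather than alerting on every single packet.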

