[Snort-users] Anyone got a rule for the latest Cisco bug?

Jason Haar Jason.Haar at ...294...
Thu Jul 17 17:33:25 EDT 2003

On Thu, Jul 17, 2003 at 08:28:35PM -0400, Jon Hart wrote:
> "Cisco routers are configured to process and accept Internet Protocol
> version 4 (IPv4) packets by default. A rare, specially crafted sequence
> of IPv4 packets with protocol type 53 (SWIPE), 55 (IP Mobility), 77
> (Sun ND), or 103 (Protocol Independent Multicast - PIM) which is
> handled by the processor on a Cisco IOS device may force the device to

Huh! If that's all it is, then it's basically a non-issue. We all have "deny
ip any any" at  the ends of our external ACL lists don't we... :-)


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the Snort-users mailing list