[Snort-users] Anyone got a rule for the latest Cisco bug?
bmc at ...950...
Thu Jul 17 18:06:15 EDT 2003
On Fri, Jul 18, 2003 at 10:12:09AM +1200, Jason Haar wrote:
> Apparently some hacked IPv4 packet sent at a Cisco router's actual IP
> address can cause a table to fill up - causing the router to become unusable.
Well, you should have done this a long time ago. Standard policy based IDS.
alert ip ![$ROUTERS,$ADMINS] any -> $ROUTERS any (msg:"evil router foo";)
More information about the Snort-users