RE: Cisco HSRP Denial of Service Vulnerability [7:3534]

Mon, 07 May 2001 21:42:16 -0700 

In other words always use authentication.

At 10:23 PM 5/7/01, you wrote:
> >>I guess I'm dense. The DOS does what? Makes it possible to advertise a
>false
> >>destination as the active HSRP address ?
>
>I guess by mulitcasting a higher priority HSPR packets, the receiving
>routers will assume secondary role thus no routers will be active.
>
>-----Original Message-----
>From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, May 08, 2001 11:29 AM
>To: Andy Low; [EMAIL PROTECTED]
>Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534]
>
>
>Interesting....
>
>"A problem in the Cisco Hot Standby Routing Protocol (HSRP) makes it
>possible to deny service to users of network resources. By eavesdropping on
>HSRP management messages sent over the network, it is possible to create a
>spoofed message that will reroute all network traffic to a particular
>system. By doing so, it is possible to prevent traffic from entering or
>leaving that network."
>
>I guess I'm dense. The DOS does what? Makes it possible to advertise a false
>destination as the active HSRP address ?
>
>"This problem makes it possible for system local to the network to deny
>service to legitimate users of that network segment."
>
>In other words, your enemy is someone on the inside. Which is where 80% of
>any network's vulnerabilities occur!
>
>Chuck
>
>
>-----Original Message-----
>From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Andy
>Low
>Sent:   Monday, May 07, 2001 8:20 PM
>To:     [EMAIL PROTECTED]
>Subject:        Cisco HSRP Denial of Service Vulnerability [7:3534]
>
>Hi TAC,
>
>Anyone know of any solutions to the HSRP exploits?
>
>http://www.securityfocus.com/bid/2684
>
>-andy-
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3550&t=3534
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to