ok, the originating site seems to be up and doing better now...

from the published exploit, these notes are included:

* Cisco Hot Standby Routing Protocol (HSRP) Denial of Service
 * Written by bashis @ [[EMAIL PROTECTED] ], U may use it freely.
 *
 * My intention with this code is to show how weak the HSRP protocol is.
 *
 * Description:
 * This code listens for any HSRP packet; when it hears one HSRP packet,
 * it captures it, modifies some of the HSRP protocol parameters, and sends out
 * a fake HSRP packet that tells the other routers that I am the active router,
 * I have the highest priority and you should be 'Standby' or silent..
 *
 * If the other, legal active router has the highest possible
 * priority (255), then they will fight.. ;-) , AND it seems
 * in my tests that the legal router who 'wishes' to be the active router
 * IS already active, so no DoS will occur. (only UDP flood from both)

so... the default HSRP priority is 100. If an HSRP pool didn't really
require a priority, could it be set to 255 anyway, and would this protect
against this DoS?

Kevin Wigle
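Added example (mine, not code from the thread or from the exploit quoted above): a Python decoder for the HSRPv1 packet layout in RFC 2281, plus a check that flags the forged hello the exploit notes describe, using the router addresses, priorities and authentication string from Brian's configs below. The packet bytes are constructed sample input rather than captured traffic, and the per-router expected priorities are an assumed baseline.

```python
import struct
from collections import namedtuple

# HSRPv1 payload (RFC 2281), 20 bytes: version, opcode, state, hellotime,
# holdtime, priority, group, reserved, 8-byte auth data, 4-byte virtual IP.
HSRP_FMT = "!BBBBBBBB8s4s"
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
HsrpPacket = namedtuple("HsrpPacket", "src_ip opcode state priority group auth virtual_ip")

def parse_hsrp(src_ip, payload):
    """Decode the UDP/1985 payload of an HSRPv1 packet sent by src_ip."""
    if len(payload) < struct.calcsize(HSRP_FMT):
        raise ValueError("HSRP payload too short")
    ver, op, st, _hello, _hold, prio, grp, _res, auth, vip = struct.unpack(HSRP_FMT, payload[:20])
    if ver != 0:
        raise ValueError(f"unsupported HSRP version {ver}")
    return HsrpPacket(src_ip, OPCODES.get(op, f"op{op}"), STATES.get(st, f"state{st}"),
                      prio, grp, auth.rstrip(b"\x00").decode("ascii", "replace"),
                      ".".join(str(b) for b in vip))

def audit(pkt, known_routers, expected_auth):
    """Reasons this packet looks like an attempt to seize the active role.
    known_routers maps each legitimate router IP to its configured priority (assumed baseline)."""
    reasons = []
    if pkt.src_ip not in known_routers:
        reasons.append(f"HSRP from unknown source {pkt.src_ip}")
    elif pkt.priority != known_routers[pkt.src_ip]:
        reasons.append(f"{pkt.src_ip} advertises priority {pkt.priority}, "
                       f"configured {known_routers[pkt.src_ip]}")
    if pkt.auth != expected_auth:
        reasons.append("authentication string mismatch")
    if pkt.opcode == "Coup":
        reasons.append("Coup message (forced takeover)")
    return reasons

def sample_packet(op, state, prio, auth=b"c!sc0b2b"):
    """Constructed sample payload for group 0 / virtual IP 192.168.1.254 (not captured traffic)."""
    return struct.pack(HSRP_FMT, 0, op, state, 3, 10, prio, 0, 0,
                       auth.ljust(8, b"\x00"), bytes([192, 168, 1, 254]))

ROUTERS = {"192.168.1.1": 100, "192.168.1.2": 100}     # priorities as configured (assumed)
LEGIT = parse_hsrp("192.168.1.1", sample_packet(0, 16, 100))   # R1's normal Active hello
FORGED = parse_hsrp("192.168.1.1", sample_packet(0, 16, 255))  # same auth, priority bumped to 255

if __name__ == "__main__":
    for p in (LEGIT, FORGED):
        print(p.src_ip, p.opcode, p.state, p.priority, audit(p, ROUTERS, "c!sc0b2b") or "ok")
```

Because the forged packet carries the same clear-text authentication string as the captured one, only the priority baseline separates it from R1's real hello; if the legitimate routers themselves already run at 255, that comparison has nothing left to catch.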

----- Original Message -----
From: Brian Dennis 
To: 
Sent: Tuesday, May 08, 2001 3:54 AM
Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534]


> It's not the best solution but if you're really worried you could create an
> access-list (see configs below). HSRP uses UDP port 1985 and the destination
> address is to all routers (224.0.0.2). Perfect solution? No. Better than
> nothing? Yes.
>
> Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> 5G Networks, Inc.
> [EMAIL PROTECTED]
> (925) 260-2724
>
> !
> hostname R1
> interface Ethernet 0
>  ip address 192.168.1.1 255.255.255.0
>  standby ip 192.168.1.254
>  standby authentication c!sc0b2b
>  ip access-group 100 in
> !
> access-list 100 permit udp host 192.168.1.2 eq 1985 host 224.0.0.2 eq 1985
> access-list 100 deny udp any eq 1985 any eq 1985
> access-list 100 permit ip any any
>
>
> !
> hostname R2
> !
> interface Ethernet 0
>  ip address 192.168.1.2 255.255.255.0
>  standby ip 192.168.1.254
>  standby authentication c!sc0b2b
>  ip access-group 100 in
> !
> access-list 100 permit udp host 192.168.1.1 eq 1985 host 224.0.0.2 eq 1985
> access-list 100 deny udp any eq 1985 any eq 1985
> access-list 100 permit ip any any
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Jacques Atlas
> > Sent: Monday, May 07, 2001 11:10 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534]
> >
> >
> > On Tue, 8 May 2001, Curtis Call wrote:
> >
> > |In other words always use authentication.
> >
> > I don't think the authentication in clear text is going to help;
> > the solution from the vendor is to run HSRP with IPSec.
> >
> > --
> > jacques
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3638&t=3534