[c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

Kevin Graham kgraham at industrial-marshmallow.com
Sun Sep 13 22:28:43 EDT 2009


Sorry for the late response, had to dig through some old cases...


> But anyway - my routers are lying to me.  They list *.179 just fine (BGP),
> but all the other interesting stuff (telnet, ssh, ldp) is not there...

Last dug into this 2.5y ago (while looking into PSIRT cisco-sa-20070131-sip)
and the answer was:

     CSCdk86016
     Externally found moderate defect: Duplicate (D)
     Theres no way to see all listening ports

     CSCds10428
     Internally found moderate defect: Closed (C)
     Need netstat kind of support for IOS TCP/UDP

     It looks like after the business units analyzed everything they decided
     they were not going to move forward with this command.   

     "Currently we have the show tcp brief all which gives the lists the
     TCB's in the listening state. Also the netstat command is more generic
     and applicable to UNIX.  While it is desirable to have something like
     that, I don't see the exact benefits of the same."

Hopefully the new feature Eloy referred to will be more broadly available;
does anyone have the DDTS for its integration into 12.2S-derived trains?



