[nsp] 2950's vulnerable
Volodymyr Yakovenko
vovik at dumpty.org
Sat Jul 19 20:03:14 EDT 2003
On Fri, Jul 18, 2003 at 03:21:14PM -0700, Siva Valliappan wrote:
>the Catalyst 2950 is a layer 2 device that runs IOS. so your transit
>traffic will not be affected even if the device is dos-ed. however your
>management interface to the box can be DOSed. so you will need to
>take steps to protect the "Management VLAN" interface.

And the easiest solution could be applying an inbound access-list on the
management VLAN interface, like:

int vlanX
 ip access-group PROTECT-FROM-DOS in

ip access-list extended PROTECT-FROM-DOS
 deny 53 any any
 deny 55 any any
 deny 77 any any
 deny 103 any any
 permit ip any any

>cheers
>.siva
>
>On Fri, 18 Jul 2003, Matt Stockdale wrote:
>
>> Any idea if Catalyst 2950's are vulnerable to the latest exploit, since
>> they don't actually route anything? I'm not looking forward to upgrading
>> 40+ of these.. I didn't see anything on the advisory about them..
>>
>> --
>> ------------------------------------------
>> Matt Stockdale Logicworks
>> Sr. Network Engineer www.logicworks.net
>> mstockda at logicworks.net (212) 625-5307
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
--
Regards,
Volodymyr.
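
An added example, not part of the original post: with 40+ switches to cover, a small offline check over saved configs can confirm that the management VLAN interface really has the inbound ACL applied and that the four deny entries come before any permit. The interface name Vlan1, the sample configs and the function names are assumptions made for illustration.

```python
import re

REQUIRED = (53, 55, 77, 103)  # IP protocol numbers denied by the ACL in the post

def parse_config(text):
    """Return ({acl: [(action, proto, rest)]}, {interface: inbound ACL name})."""
    acls, inbound, ctx = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"(?:int|interface)\s+(\S+)$", line, re.I):
            ctx = ("if", m.group(1).lower())
        elif m := re.match(r"ip access-list extended (\S+)$", line, re.I):
            ctx = ("acl", m.group(1))
            acls.setdefault(m.group(1), [])
        elif (m := re.match(r"ip access-group (\S+) in$", line, re.I)) and ctx and ctx[0] == "if":
            inbound[ctx[1]] = m.group(1)
        elif (m := re.match(r"(permit|deny)\s+(\S+)\s+(.+)$", line, re.I)) and ctx and ctx[0] == "acl":
            acls[ctx[1]].append(tuple(" ".join(g.lower().split()) for g in m.groups()))
    return acls, inbound

def unprotected_protocols(text, interface):
    """Protocols in REQUIRED that the interface's inbound ACL still lets through."""
    acls, inbound = parse_config(text)
    entries = acls.get(inbound.get(interface.lower()))
    if entries is None:          # no inbound ACL applied, or the named ACL is undefined
        return list(REQUIRED)
    leaks = []
    for proto in REQUIRED:
        for action, p, rest in entries:   # ACL entries are evaluated first-match
            if p not in ("ip", str(proto)):
                continue
            if action == "permit":        # a permit is reached before a full deny
                leaks.append(proto)
                break
            if rest == "any any":         # deny covering all sources and destinations
                break
        # falling off the end hits the implicit deny, so nothing leaks
    return leaks

# Constructed sample configs (Vlan1 is an assumed management VLAN number).
GOOD = """
interface Vlan1
 ip access-group PROTECT-FROM-DOS in
ip access-list extended PROTECT-FROM-DOS
 deny 53 any any
 deny 55 any any
 deny 77 any any
 deny 103 any any
 permit ip any any
"""
BAD = GOOD.replace(" deny 77 any any\n", "")  # one deny entry missing

if __name__ == "__main__":
    print(unprotected_protocols(GOOD, "Vlan1"), unprotected_protocols(BAD, "Vlan1"))
```

The check is deliberately conservative: it only recognises protocols written by number, as in the post, and only counts a deny that ends in exactly "any any", so anything else is reported for manual review.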