[c-nsp] Possible security issue with CDP

Hank Nussbacher hank at efes.iucc.ac.il
Thu Jun 26 01:31:25 EDT 2008


Just wanted to alert people to a possible minor info leak in regard
to Cisco CDP.

We had 'cdp off' on POS11/0/0 which is an STM-16 link. Now change the
encap from ppp to hdlc. Automagically, without notifying anyone, IOS
changes CDP to be on. Not a good thing when trying to maintain a secure
router.

This behavior has been documented in CSCso40579 but has been marked
closed.

CSCso59137 (sev=4) documents the behavior as working as designed. This
bugid will print a CDP status change message when such an event occurs.

There have been security issues with CDP previously:
<http://www.cisco.com/en/US/tech/tk962/technologies_security_notice09186a0080093ef0.html>
so if you want your router to be secure, always double check your
settings since things might change without you knowing it.

-Hank
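One way to act on the "always double check your settings" advice is a config-drift check that flags interfaces where CDP is on although it was meant to be off. This is an added example, not code from the post or from Cisco; the running-config sample and the intended-state set are constructed, and the check works purely from the text of the config (it does not model per-media CDP defaults).

```python
import re
from typing import Dict, List, Set

# Constructed sample of a Cisco IOS running-config, modelled on the post:
# POS11/0/0 was meant to have CDP off; after the encapsulation change to
# HDLC the "no cdp enable" line is gone, so CDP is back on there.
SAMPLE_CONFIG = """\
!
cdp run
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface POS11/0/0
 description STM-16 uplink
 ip address 192.0.2.10 255.255.255.252
 encapsulation hdlc
!
interface GigabitEthernet0/1
 ip address 192.0.2.20 255.255.255.252
 no cdp enable
!
"""

# Interfaces the operator intends to keep CDP off on (constructed policy).
INTENDED_CDP_OFF: Set[str] = {"POS11/0/0", "GigabitEthernet0/1"}


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [sub-commands]} from an IOS running-config."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces


def cdp_enabled_interfaces(config: str) -> List[str]:
    """Interfaces on which CDP runs: global 'cdp run' and no 'no cdp enable'."""
    if not re.search(r"^cdp run$", config, re.M):
        return []  # CDP globally off (default or 'no cdp run')
    return sorted(name for name, cmds in parse_interfaces(config).items()
                  if "no cdp enable" not in cmds)


def cdp_drift(config: str, intended_off: Set[str]) -> List[str]:
    """Interfaces meant to have CDP off that currently have it on."""
    return sorted(set(cdp_enabled_interfaces(config)) & intended_off)
```

Running `cdp_drift` on a fresh `show running-config` after every change (or from a cron job) turns the silent re-enable into a visible alert.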
