[c-nsp] Cisco Security Advisory: TCP State Manipulation Denial ofService Vulnerabilities in Multiple Cisco Products
Gert Doering
gert at greenie.muc.de
Thu Sep 10 09:23:52 EDT 2009
Hi,
On Thu, Sep 10, 2009 at 03:09:43PM +0200, Mark Meijerink wrote:
> When I run the command I see al the active BGP/SSH/LDP sessions with Local Address, Foreign Address and state (ESTAB/LISTEN)
Which IOS version is that? I tried with 12.2S and 12.2SXF and SXI2,
and while I see telnet/LDP as "ESTAB", there's no "LISTEN" for either.
Besides the output format being horribly broken... any way to turn off
the DNS resolution and long-name-mangling here? A very nice specimen
is this one...:
52CDE4A4 C 2620:0:6B0::26E5:4242. ESTAB
isco-z-XYZ-GRH-Peer.Space.Ne36163
"I have a slight idea what this might be, but it's a bit hard to see"
> There is one entry in the table which I find a bit strange.
> ######## *.* *.* LISTEN
>
> Listener on all ports???
Makes the "what ports do I need to check" assessment a bit tricky
indeed...
I can see this one ("*") on SXH3a and 12.2S, but not on SXI2...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20090910/ec3664b6/attachment.bin>
More information about the cisco-nsp
mailing list