[c-nsp] Cisco Security Advisory: TCP State Manipulation Denial ofService Vulnerabilities in Multiple Cisco Products

Gert Doering gert at greenie.muc.de
Thu Sep 10 09:23:52 EDT 2009


Hi,

On Thu, Sep 10, 2009 at 03:09:43PM +0200, Mark Meijerink wrote:
> When I run the command I see al the active BGP/SSH/LDP sessions with Local Address, Foreign Address and state (ESTAB/LISTEN)

Which IOS version is that?  I tried with 12.2S and 12.2SXF and SXI2,
and while I see telnet/LDP as "ESTAB", there's no "LISTEN" for either.

Besides the output format being horribly broken... any way to turn off
the DNS resolution and long-name-mangling here?  A very nice specimen
is this one...:

52CDE4A4  C                           2620:0:6B0::26E5:4242.       ESTAB
          isco-z-XYZ-GRH-Peer.Space.Ne36163                                    

"I have a slight idea what this might be, but it's a bit hard to see"


> There is one entry in the table which I find a bit strange.
> ######## *.*                     *.*                    LISTEN
> 
> Listener on all ports???

Makes the "what ports do I need to check" assessment a bit tricky 
indeed...

I can see this one ("*") on SXH3a and 12.2S, but not on SXI2...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20090910/ec3664b6/attachment.bin>


More information about the cisco-nsp mailing list