[c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

Gert Doering gert at greenie.muc.de
Thu Sep 10 09:32:33 EDT 2009


Hi,

On Thu, Sep 10, 2009 at 09:22:04AM -0400, Eloy Paris wrote:
> > But anyway - my routers are lying to me.  They list *.179 just fine (BGP),
> > but all the other interesting stuff (telnet, ssh, ldp) is not there...
> 
> In a Cisco Security Advisory that we published last year
> (http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml), we
> wrote the following:
[..]
> The problem is that historically we've had different internal APIs
> that applications and services can use to register the ports they need
> to open. I believe "show control-plane host open-ports" is the latest
> incarnation and the desired way moving forward but not all applications
> and services have migrated to it which is why we still rely on different
> commands.

Thanks for that insight.  It doesn't *really* enlighten me, unfortunately.

The "show control-plane host open-ports" command is not available on
12.2S, 12.3 main, 12.4 main or 12.2SXF/SXH/SXI up to SXI2.  

None of the other commands reliably display *TCP* listening sockets.

So - to summarize this: "the only way to reliably detect what sockets
the box is listening on is to run nmap against it", right?

<rant>
This is really embarrassing, for a product shipping in this century...

(and I can't really see why "how is the service registering for a given
TCP port internally" should have any effect on "display ports registered
for services", people are known to have written programs that query 
multiple data sources and present the result in a concise format...)
</rant>

*sigh*

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de