[c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

Michael Ulitskiy mulitskiy at acedsl.com
Thu Sep 10 18:23:58 EDT 2009


dynamips testing seems to show that CAR is ok in 12.4(23b). 
I'd still like to hear a more definitive answer before i load it into production.
Thanks,

Michael

On Thursday 10 September 2009 05:55:50 pm Michael Ulitskiy wrote:
> Hello,
> 
> I have a couple of 7200s that's currently running 12.4(23) (c7200-ik9s-mz.124-23.bin) which is listed 
> vulnerable and I need to have some tcp port open (PPTP VPN), so I'm planning to upgrade to 
> recommended 12.4(23b).
> When I was comparing 12.4(23) and 12.4(23b) images in feature navigator I've noticed that
> to my surpise 12.4(23b) doesn't support CAR which I need.
> I loaded the image into dynamips and it seems to accept rate-limit commands, but it's hard to check
> with dynamips whether it's really limiting anything. 
> Unfortunately I don't have spare equipment to test, so I wonder if someone from cisco can comment 
> on this. Is it just feature navigator typo or they really removed the feature in this rebuild?
> Thanks a lot,
> 
> Michael
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 




More information about the cisco-nsp mailing list