[c-nsp] CSCuy29638 - MPLS (for IPv4) Brokenness Fixed - ASR920
Phil Mayers
p.mayers at imperial.ac.uk
Fri Aug 5 11:49:08 EDT 2016
On 05/08/16 16:35, Lukas Tribus wrote:
>> Not all packets cause the wedge. If your CoPP allows NTP from your
>> configured NTP servers, but not from others, you're fine.
>
> Unless the IP address of your NTP servers are known to an attacker,
> in that case the packet can simply be spoofed.
If you're not doing uRPF and ingress filtering of your own netblocks,
you've got bigger problems IMO
More information about the cisco-nsp
mailing list