[c-nsp] UDP/0 ACL IOSXR issue?

Gert Doering gert at greenie.muc.de
Fri Feb 8 14:57:04 EST 2019


On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote:
> Anyone aware of any issues with filtering destination UDP/0 at ingress 
> points on IOS XR?
> We're running 5.3.4 SP8 and have telemetries to help us RTBH when the 
> need arises.
> UDP/0 is a well-known vector for this sort of attack. However, what I'm 
> seeing is that packets seem to be getting past our ACLs even though we 
> are explicitly denying them.

Not sure if you actually see "UDP/0" or "fragments".

If our netflow data reports "UDP/0", XR will match on "fragments"...

"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de
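
The distinction drawn in the reply above, as an added example that is not part of the original message: a non-initial IPv4 fragment carries no UDP header, so it has no port to match on and can show up as port 0 in flow data, while a genuine UDP/0 packet has port 0 in its header. The function names, labels and sample packets are constructed for illustration.

```python
import struct

UDP = 17

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet: real UDP/0, a fragment, or ordinary UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "not-ipv4"
    if packet[9] != UDP:
        return "not-udp"
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    more_fragments = bool(flags_frag & 0x2000)
    offset = flags_frag & 0x1FFF            # fragment offset, 8-byte units
    if offset > 0:
        # Non-initial fragment: the payload is mid-datagram data, not a UDP
        # header, so there is no port to match on or to report.
        return "non-initial-fragment"
    if len(packet) < ihl + 8:
        return "truncated-udp"
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if dport == 0:
        return "udp-dport-0"
    return "initial-fragment" if more_fragments else "udp"

def build_ipv4(flags_frag: int, payload: bytes, proto: int = UDP) -> bytes:
    """Constructed sample packet (documentation addresses, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload

def udp_header(sport: int, dport: int, length: int) -> bytes:
    return struct.pack("!HHHH", sport, dport, length, 0)

# Constructed samples, one per case.
SAMPLES = {
    "real_udp_0": build_ipv4(0, udp_header(40000, 0, 12) + b"data"),
    "first_frag": build_ipv4(0x2000, udp_header(40000, 4444, 2960) + b"A" * 1472),
    "later_frag": build_ipv4(185, b"A" * 1480),   # offset 185 * 8 = 1480 bytes
    "plain_udp": build_ipv4(0, udp_header(40000, 4444, 12) + b"data"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12s} -> {classify(pkt)}")
```

Only `real_udp_0` would be caught by a match on destination port 0; `later_frag` needs a match on fragments, which is the case the reply points to.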