[c-nsp] UDP/0 ACL IOSXR issue?
Gert Doering
gert at greenie.muc.de
Fri Feb 8 14:57:04 EST 2019
Hi,
On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote:
> Anyone aware of any issues with filtering destination UDP/0 at ingress
> points on IOS XR?
>
> We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
> need arises.
>
> UDP/0 is a well-known vector for this sort of attack. However, what I'm
> seeing is that packets seem to be getting past our ACLs even though we
> are explicitly denying them.

Not sure if you actually see "UDP/0" or "fragments".
If our netflow data reports "UDP/0", XR will match on "fragments"...

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert at greenie.muc.de
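
The distinction drawn in the reply above, as an added example that is not part of the original post: a non-initial IPv4 fragment carries no UDP header, so a flow record can show port 0 for a packet that a "destination port 0" match never sees. The function names, the sample packets and the exporter behaviour (writing 0 when no port is readable) are assumptions made for illustration.

```python
import struct
from collections import Counter

UDP = 17

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet: genuine UDP dport 0, a fragment, or ordinary UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    flags_frag, = struct.unpack("!H", packet[6:8])
    if packet[9] != UDP:
        return "not-udp"
    if flags_frag & 0x1FFF:               # non-zero fragment offset
        return "non-initial-fragment"     # carries no UDP header at all
    if ihl < 20 or len(packet) < ihl + 8:
        return "truncated"
    dport, = struct.unpack("!H", packet[ihl + 2:ihl + 4])
    if dport == 0:
        return "udp-dport-0"
    return "initial-fragment" if flags_frag & 0x2000 else "udp"   # MF bit

def exported_dport(packet: bytes) -> int:
    """Port a flow record would show for UDP input (assumed: 0 when no port is readable)."""
    if classify(packet) not in ("udp", "initial-fragment"):
        return 0
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]

def port0_breakdown(packets) -> Counter:
    """Of the packets a flow record would call UDP/0, count what each really is."""
    return Counter(classify(p) for p in packets if exported_dport(p) == 0)

def build(dport=53, offset=0, more=False, payload=b"A" * 16) -> bytes:
    """Constructed sample packet: documentation addresses, checksums left at 0."""
    body = payload if offset else struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    flags_frag = (0x2000 if more else 0) | offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0x1234, flags_frag,
                       64, UDP, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + body

SAMPLES = [                       # constructed, not captured traffic
    build(dport=53),              # ordinary UDP
    build(dport=0),               # genuine destination port 0
    build(dport=4500, more=True), # first fragment, ports present
    build(offset=185, more=True), # middle fragment
    build(offset=370),            # last fragment
]

if __name__ == "__main__":
    print(dict(port0_breakdown(SAMPLES)))
```

Run against a packet capture taken at the ingress point, the same breakdown shows whether the "UDP/0" in the flow data is real port 0 traffic or fragments.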