[c-nsp] UDP/0 ACL IOSXR issue?
Bryan Holloway
bryan at shout.net
Fri Feb 8 15:02:10 EST 2019
On 2/8/19 1:57 PM, Gert Doering wrote:
> Hi,
>
> On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote:
>> Anyone aware of any issues with filtering destination UDP/0 at ingress
>> points on IOS XR?
>>
>> We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
>> need arises.
>>
>> UDP/0 is a well-known vector for this sort of attack. However, what I'm
>> seeing is that packets seem to be getting past our ACLs even though we
>> are explicitly denying them.
>
> Not sure if you actually see "UDP/0" or "fragments".
>
> If our netflow data reports "UDP/0", XR will match on "fragments"...
>
> gert
>
I suspect you are right. Saku made the same suggestion off-line.
I'm going down that path now to see if that's what's actually happening.
Thank you!
- bryan
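To make Gert's point concrete, below is an added example that is not part of this thread and not Cisco code: a small Python emulation of why a NetFlow record can say "UDP/0" while an ACE written as "deny udp any any eq 0" never fires. Only the initial fragment of a fragmented UDP datagram carries the UDP header; a flow exporter has no ports to read from a non-initial fragment and reports 0/0, and an ACE with Layer 4 criteria cannot be matched against a packet that has no Layer 4 header. The packets are constructed, not captured; the ACL evaluation models the Cisco "fragments" keyword (matches non-initial fragments only) and the documented handling of non-initial fragments by ACEs with Layer 4 information (a permit passes them, a deny falls through to the next entry) as a simplified assumption, not as IOS XR code.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

UDP = 17


def build_udp_fragments(src: bytes, dst: bytes, sport: int, dport: int,
                        payload: bytes, mtu: int = 1500) -> List[bytes]:
    """Build an IPv4/UDP datagram and split it into link-MTU-sized fragments.

    Constructed traffic for the example. Only the first fragment (offset 0)
    carries the 8-byte UDP header; later fragments are IP header + payload.
    """
    udp_len = 8 + len(payload)
    l4 = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload  # checksum 0 = omitted
    chunk = mtu - 20
    chunk -= chunk % 8                       # fragment offsets are in 8-byte units
    ident = 0x1234
    frags = []
    for off in range(0, len(l4), chunk):
        piece = l4[off:off + chunk]
        more_fragments = 0x2000 if off + len(piece) < len(l4) else 0
        flags_frag = more_fragments | (off // 8)
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(piece), ident,
                          flags_frag, 64, UDP, 0, src, dst)
        frags.append(hdr + piece)
    return frags


def parse_packet(pkt: bytes) -> Dict[str, int]:
    """Classify a packet the way a flow exporter or ACL engine would see it."""
    ver_ihl, _tos, _tlen, _ident, flags_frag, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    frag_offset = flags_frag & 0x1FFF
    rec = {"proto": proto, "frag_offset": frag_offset, "sport": 0, "dport": 0}
    # A non-initial fragment has no transport header at all, so the exporter
    # has nothing to read and the flow record shows ports 0/0 ("UDP/0").
    if frag_offset == 0 and proto == UDP and len(pkt) >= ihl + 8:
        rec["sport"], rec["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return rec


def netflow_records(pkts: List[bytes]) -> Dict[Tuple[int, int, int], int]:
    """Aggregate packets into (proto, sport, dport) -> packet count, like a flow cache."""
    counts: Dict[Tuple[int, int, int], int] = {}
    for p in pkts:
        r = parse_packet(p)
        key = (r["proto"], r["sport"], r["dport"])
        counts[key] = counts.get(key, 0) + 1
    return counts


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: Optional[int] = None      # None = any protocol
    dport: Optional[int] = None      # Layer 4 criterion, e.g. "eq 0"
    fragments: bool = False          # the Cisco "fragments" keyword


def ace_matches(ace: Ace, rec: Dict[str, int]) -> bool:
    if ace.proto is not None and rec["proto"] != ace.proto:
        return False
    if ace.fragments:
        # "fragments" matches non-initial fragments only; L4 fields are ignored.
        return rec["frag_offset"] != 0
    if ace.dport is not None:
        if rec["frag_offset"] != 0:
            # Assumed (simplified) Cisco semantics for an ACE with L4 info:
            # a permit passes non-initial fragments, a deny falls through.
            return ace.action == "permit"
        return rec["dport"] == ace.dport
    return True


def acl_evaluate(acl: List[Ace], pkt: bytes) -> str:
    rec = parse_packet(pkt)
    for ace in acl:
        if ace_matches(ace, rec):
            return ace.action
    return "deny"  # implicit deny at the end of every ACL


def demo() -> Dict[str, object]:
    """One 2000-byte UDP datagram to port 53, fragmented, run through both ACL styles."""
    frags = build_udp_fragments(b"\x0a\x00\x00\x01", b"\xc0\x00\x02\x0a",
                                12345, 53, b"A" * 2000)
    port0_acl = [Ace("deny", UDP, dport=0), Ace("permit")]        # deny udp any any eq 0
    frag_acl = [Ace("deny", UDP, fragments=True), Ace("permit")]  # deny udp any any fragments
    return {
        "flows": netflow_records(frags),
        "port0_acl": [acl_evaluate(port0_acl, p) for p in frags],
        "fragments_acl": [acl_evaluate(frag_acl, p) for p in frags],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The flow cache reports one record for UDP 12345 -> 53 and one for UDP 0 -> 0, which is what "UDP/0" in the telemetry really is; the "eq 0" ACE denies nothing, while the "fragments" ACE drops the non-initial fragment and leaves the initial one to later entries. Before filtering on "fragments" at ingress, check what legitimate fragmented traffic (DNS with large responses, some tunnel encapsulations) crosses that edge, since the keyword is blind to ports.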