[c-nsp] UDP/0 ACL IOSXR issue?

Bryan Holloway bryan at shout.net
Fri Feb 8 15:02:10 EST 2019

On 2/8/19 1:57 PM, Gert Doering wrote:
> Hi,
> On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote:
>> Anyone aware of any issues with filtering destination UDP/0 at ingress
>> points on IOS XR?
>> We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
>> need arises.
>> UDP/0 is a well-known vector for this sort of attack. However, what I'm
>> seeing is that packets seem to be getting past our ACLs even though we
>> are explicitly denying them.
> Not sure if you actually see "UDP/0" or "fragments".
> If our netflow data reports "UDP/0", XR will match on "fragments"...
> gert

I suspect you are right. Saku made the same suggestion off-line.

I'm going down that path now to see if that's what's actually happening.

Thank you!

		- bryan

More information about the cisco-nsp mailing list