[c-nsp] UDP/0 ACL IOSXR issue?

Aaron Gould aaron1 at gvtc.com
Fri Feb 8 17:19:52 EST 2019


Unsure about XR and BE-specific ACL treatment... however I do recall
BVI-related ACLs having issues either in or out... don't recall, been a
while...

...in my newer Juniper platform, I'm blocking the heck out of UDP/0... geez,
there's a lot of volumetric attacks coming on that port..... and 389.... and
53.... and 123....

- Aaron

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Bryan Holloway
Sent: Friday, February 8, 2019 1:38 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] UDP/0 ACL IOSXR issue?

Anyone aware of any issues with filtering destination UDP/0 at ingress 
points on IOS XR?

We're running 5.3.4 SP8 and have telemetries to help us RTBH when the 
need arises.

UDP/0 is a well-known vector for this sort of attack. However, what I'm 
seeing is that packets seem to be getting past our ACLs even though we 
are explicitly denying them.

"hardware counters" seem to corroborate that we're getting matches.

... and yet we're still seeing the traffic beyond the ingress.

Curious if anyone else has seen this.

Our egress-facing interface is a BE, if it matters ...
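
As an added check (not code from either poster): a small parser that tallies UDP destination ports across raw Ethernet/IPv4 frames, so a capture taken beyond the ingress point can be checked for UDP/0 (and the other ports Aaron lists) that the ACL should have dropped. The sample frames are constructed inline; non-initial IP fragments carry no UDP header, so they are counted separately rather than attributed to a port.

```python
import struct
from collections import Counter

# UDP destination ports the thread names as volumetric-attack vectors.
WATCH_PORTS = {0, 389, 53, 123}

def udp_dst_port(frame: bytes):
    """Return (dst_port, is_nonfirst_fragment) for an Ethernet/IPv4/UDP frame,
    or None when the frame is not IPv4 carrying UDP.  Non-initial fragments
    carry no UDP header, so they are flagged instead of being given a port."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frag_offset:
        return None, True
    l4 = 14 + ihl
    if len(frame) < l4 + 4:
        return None
    dst_port = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
    return dst_port, False

def tally(frames):
    """Count frames by watched UDP destination port so traffic that should have
    been dropped at ingress (e.g. UDP/0) can be spotted on a downstream capture."""
    counts = Counter()
    for frame in frames:
        result = udp_dst_port(frame)
        if result is None:
            continue
        port, nonfirst = result
        if nonfirst:
            counts["udp_nonfirst_fragment"] += 1
        elif port in WATCH_PORTS:
            counts[f"udp_dst_{port}"] += 1
        else:
            counts["udp_other"] += 1
    return counts

def build_frame(dst_port: int, frag_offset: int = 0, payload: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample frame (not captured traffic): Ethernet + IPv4 + UDP."""
    udp = b"" if frag_offset else struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0)
    total_len = 20 + len(udp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, frag_offset, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp + payload

# Constructed sample: two UDP/0 packets, one DNS, one unrelated port, one non-initial fragment.
SAMPLE_FRAMES = [build_frame(0), build_frame(0), build_frame(53), build_frame(443),
                 build_frame(123, frag_offset=185)]

if __name__ == "__main__":
    print(dict(tally(SAMPLE_FRAMES)))
```

Any non-zero `udp_dst_0` count on a capture taken downstream of the ingress ACL is the symptom described above, and a separate non-initial-fragment count shows how much of the stream carries no L4 header at all.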


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
