[nsp-sec] FYI - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

John Kristoff jtk at depaul.edu
Mon Aug 31 21:58:27 EDT 2020


On Tue, 1 Sep 2020 01:49:13 +0000
"Dario Ciccarone (dciccaro)" <dciccaro at cisco.com> wrote:

> DC> John, I don't know what your experience is like, but each time we
> DC> talk to customers (or advanced services folks working w/
> DC> customers, or TAC, or) we hear things that we just can't compute.
> DC> "I don't know my infra addresses", "I don't know if this traffic
[...]

You know the 'no ip forward ...' knobs?  There should be one for IGMP
and it should be off by default.  I think I brought this up before and
there is probably a reason it is not so easy to implement, but
intuitively it seems the ideal way to limit IGMP to me.

John

