[scg-sec] Telnet Vulnerability
Battles, Timothy A (Tim), ALABS
tmbattles at att.com
Thu Aug 26 14:39:19 EDT 2004
Cisco Day1 VTY Vulnerability
We have recently by accident discovered the following.
After completing a 3-Way handshake with IOS and sending a Window size of 0, the VTY handler becomes confused
and will not allow other session to become established, SYN-ACKS will be received from the router.
In order to clear the session a
clear tcp tcb xxxxxxxx
clear tcp line x
clear tcp line vty x
needs to be issued.
Some clarifiers
This effects both telnet and ssh.
The packet cannot be spoofed.
This is IOS only. Day 1
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Timothy A Battles
AT&T IP Network Security Group
Work: (314)770-3326
Cell: (314)280-4578
Fax: (314)770-9568
Email: tmbattles at att.com
12976 Hollenberg Drive
Bridgeton, MO 63044-2407
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
More information about the scg-sec
mailing list