[scg-sec] Telnet Vulnerability
Jared Mauch
jared at puck.nether.net
Thu Aug 26 14:42:33 EDT 2004
so if there is a vty acl, we're safe, or semi-safe (ie: hosts in the
acl only that can do 3-way).
- jared
On Thu, Aug 26, 2004 at 02:39:19PM -0400, Battles, Timothy A (Tim), ALABS wrote:
>
> Cisco Day1 VTY Vulnerability
>
> We have recently by accident discovered the following.
>
> After completing a 3-Way handshake with IOS and sending a Window size of 0, the VTY handler becomes confused
> and will not allow other session to become established, SYN-ACKS will be received from the router.
>
> In order to clear the session a
>
> clear tcp tcb xxxxxxxx
> clear tcp line x
> clear tcp line vty x
>
>
> needs to be issued.
>
>
> Some clarifiers
> This effects both telnet and ssh.
> The packet cannot be spoofed.
> This is IOS only. Day 1
>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Timothy A Battles
> AT&T IP Network Security Group
> Work: (314)770-3326
> Cell: (314)280-4578
> Fax: (314)770-9568
> Email: tmbattles at att.com
> 12976 Hollenberg Drive
> Bridgeton, MO 63044-2407
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
>
>
>
> _______________________________________________
> scg-sec mailing list
> scg-sec at puck.nether.net
> https://puck.nether.net/mailman/listinfo/scg-sec
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the scg-sec
mailing list