Cisco IPv4 DoS v1.21
Vulnerability exploited: CAN-2003-0567 - BID-8211
Category: Denial of Service/Remote
This module may cause Cisco routers and switches to stop processing traffic on their input interface. Cisco routers are configured to process and accept Internet Protocol version 4 (IPv4) packets by default.
IPv4 packets handled by the processor on a Cisco IOS device with protocol types of 53 (SWIPE), 55 (IP Mobility), or 77 (Sun ND), all with Time-to-Live (TTL) values of 1 or 0, and 103 (Protocol Independent Multicast - PIM) with any TTL value, may force the device to incorrectly flag the input queue on an interface as full. A full input queue will stop the device from processing inbound traffic on that interface and may result in routing protocols dropping due to dead timers.
Routers that have the PIM process running are not affected by traffic with protocol type 103. This process is created when PIM is configured on any interface of the router. An interface with PIM enabled will have one of the following three commands in its interface configuration: ip pim dense-mode, ip pim sparse-mode, or ip pim sparse-dense-mode.
On a blocked Ethernet interface, Address Resolution Protocol (ARP) times out after a default time of four hours, and no traffic can be processed. The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention. The attack may be repeated on all interfaces, causing the router to be remotely inaccessible.
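The conditions described above can be checked from the defender's side. The following is an added example, not part of the original module or of CORE IMPACT: it reads an IOS configuration to decide whether the PIM process exists, then flags packet summaries that match the listed protocol and TTL combinations. The record format (iface,src,proto,ttl), the function names and all sample data are assumptions constructed for illustration.

```python
import re

# Conditions as stated in the description above.
TTL_LIMITED = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND"}  # only with TTL 0 or 1
PIM_PROTO = 103                                               # any TTL, unless PIM runs

PIM_CMD = re.compile(r"^\s*ip pim (dense-mode|sparse-mode|sparse-dense-mode)\b")

def pim_process_running(config_text):
    """True if any interface carries one of the three ip pim mode commands."""
    in_interface = False
    for line in config_text.splitlines():
        if line.startswith("interface "):
            in_interface = True
        elif line and not line[0].isspace():
            in_interface = False          # left the interface stanza
        elif in_interface and PIM_CMD.match(line):
            return True
    return False

def suspicious_packets(records, pim_running):
    """Return (interface, source, reason) for records matching the description."""
    hits = []
    for rec in records.strip().splitlines():
        iface, src, proto, ttl = rec.split(",")
        proto, ttl = int(proto), int(ttl)
        if proto in TTL_LIMITED and ttl <= 1:
            hits.append((iface, src, f"{TTL_LIMITED[proto]} ({proto}) with TTL {ttl}"))
        elif proto == PIM_PROTO and not pim_running:
            hits.append((iface, src, f"PIM ({proto}) and no PIM process"))
    return hits

# Constructed sample data: config fragments and packet summaries (iface,src,proto,ttl).
CONFIG_NO_PIM = "interface Ethernet0\n ip address 192.0.2.1 255.255.255.0\n!\n"
CONFIG_PIM = "interface Ethernet0\n ip address 192.0.2.1 255.255.255.0\n ip pim sparse-mode\n!\n"
RECORDS = """
Ethernet0,198.51.100.7,53,1
Ethernet0,198.51.100.7,55,64
Ethernet0,198.51.100.9,103,255
Ethernet0,198.51.100.3,6,1
Ethernet1,203.0.113.5,77,0
"""

if __name__ == "__main__":
    for cfg in (CONFIG_NO_PIM, CONFIG_PIM):
        running = pim_process_running(cfg)
        for hit in suspicious_packets(RECORDS, running):
            print(running, hit)
```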
Supported Systems:
This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.