Date: Fri, 5 Feb 1999 04:08:07 PST
From: "Mr. joej" <mr_joej@HOTMAIL.COM.>
To: [email protected]
Subject: Re: Widespread Router Access Port DoS
I believe there is some clarification to your 'DoS' that should be
stated. What versions of Cisco IOS are you referring to?

But either way you are referring to 2 separate, possibly 3 separate
features of Cisco IOS. Port 23 (telnet obviously) spawns a 'virtual
terminal' when it receives a connection. This can be protected from
'unauthorized' access by an ACL. Instead of applying an interface
specific ACL, you should place one in the actual Line VTY config.

Regarding ports 2001, 4001, 6001, and 9001: those are all 'reverse
telnet' ports for the AUX port. In my experience I have seen several
routers that do have this misconfigured; however, a DoS attack against
this port is of no importance. The simple fix is to apply 'transport
input none' to the AUX port. And if the administrator actually knows
what he is doing, and needs reverse telnet ability to the router's AUX
port, once again an ACL can be applied to only allow specific access.

I agree that if the reverse telnet to the AUX is used, it can be tied
up, just by connecting to one of the ports 2001, 4001 ... and no other
port will answer a connection ... (assuming no ACL is installed).

However, currently I do not consider what you have stated a DoS attack.
I have not seen any router 'reboot' from anything you have stated.
Please post more information to clarify.
joej
[email protected]
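The two settings joej recommends (an access-class on the VTY lines, and 'transport input none' or an access-class on the AUX line so its reverse-telnet ports 2001/4001/6001/9001 are not reachable) can be checked for mechanically. The following is an added example, not code from the post or from Cisco: a small Python audit over a saved IOS running-config. Both configs embedded below are constructed for illustration, the section parser is a simplification of real IOS config syntax, and the rule that anything other than an explicit 'transport input none' on the AUX line counts as exposed (unless an access-class is present) is an assumption taken from the post's own advice rather than a statement about IOS defaults on any particular version.

```python
"""Audit a Cisco IOS running-config for the line-level settings discussed
in the post: access-class on 'line vty', and 'transport input none' (or an
access-class) on 'line aux'. Added example; configs are constructed."""

import re
from typing import Dict, List, Set

# Constructed example: the misconfiguration described in the post.
WEAK_CONFIG = """\
!
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line aux 0
 transport input all
line vty 0 4
 login
!
"""

# Constructed example: the same router after applying the post's two fixes.
HARDENED_CONFIG = """\
!
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line aux 0
 transport input none
line vty 0 4
 access-class 10 in
 login
!
"""


def parse_lines(config: str) -> Dict[str, List[str]]:
    """Map each 'line ...' header to its indented sub-commands.

    A '!' separator or any non-indented top-level command ends the section.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None
    return sections


def defined_acls(config: str) -> Set[str]:
    """Numbered ACLs defined anywhere in the config (e.g. 'access-list 10 ...')."""
    return set(re.findall(r"^access-list (\d+) ", config, re.MULTILINE))


def audit(config: str) -> List[str]:
    """Return one finding per line section that lacks the expected protection."""
    findings: List[str] = []
    acls = defined_acls(config)
    for name, cmds in parse_lines(config).items():
        access_class = [c for c in cmds if c.startswith("access-class ")]
        transport = [c for c in cmds if c.startswith("transport input ")]
        if name.startswith("line vty") and not access_class:
            findings.append(f"{name}: no access-class applied; telnet (tcp/23) "
                            "accepts connections from any source")
        elif name.startswith("line aux"):
            # Assumption (from the post): only an explicit 'transport input none'
            # or an access-class closes the reverse-telnet ports on the AUX line.
            if "transport input none" not in transport and not access_class:
                findings.append(f"{name}: reverse telnet ports reachable; set "
                                "'transport input none' or apply an access-class")
        for c in access_class:
            acl = c.split()[1]
            if acl not in acls:
                findings.append(f"{name}: access-class references undefined ACL {acl}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for f in audit(cfg) or ["no findings"]:
            print(" ", f)
```

Run it against a 'show running-config' capture instead of the embedded strings to get the same two findings (missing VTY access-class, exposed AUX line) on a router configured the way the post describes, and an empty list once the fixes are in place. The undefined-ACL check is there because an access-class that names a nonexistent list is easy to miss in a long config.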