wg-multicast - Re: The 'killer app' for multicast deployment?
Subject: All things related to multicast
List archive
- From: "Michael H. Lambert" <>
- To: Bill Owens <>
- Cc: ,
- Subject: Re: The 'killer app' for multicast deployment?
- Date: Wed, 23 Jul 2003 17:31:38 -0400
[cc'ing the IPv6 Working Group]
IPv6 isn't affected by the vulnerability, either...
Michael
--On Wednesday, 23 July 2003 16:52 -0400 Bill Owens <> wrote:
As you all know there is a very serious problem with IOS that has led to
mass upgrades all across the network in the last week. But someone just
posted a note to the NANOG list pointing out that a new aspect of the bug
was apparently discovered in the last couple of days. There are four
protocol types that trigger the bug, 53, 55, 77 and our favorite, 103
(PIM). Previously it was thought that the packets had to reach the router
with a TTL of 0 or 1 to affect it, but apparently PIM is a special case.
Cisco's update has this to say:
"Cisco routers are configured to process and accept Internet Protocol
version 4 (IPv4) packets by default. IPv4 packets handled by the
processor on a Cisco IOS device with protocol types of 53 (SWIPE), 55 (IP
Mobility, or 77 (Sun ND), all with Time-to-Live (TTL) values of 1 or 0,
and 103 (Protocol Independent Multicast - PIM) with any TTL value, may
force the device to incorrectly flag the input queue on an interface as
full."
So a PIM-based attack is easier to mount. But there's an easy answer -
enable PIM:
"Routers that have the PIM process running are not affected by traffic
with protocol type 103. This process will be created when PIM is
configured on any interface of the router. An interface with PIM enabled
will have one of the following three commands in the interface
configuration: ip pim dense-mode, ip pim sparse-mode, or ip pim
sparse-dense-mode. "
Sounds like a great reason to enable native multicast ;)
Bill.
- The 'killer app' for multicast deployment?, Bill Owens, 07/23/2003
- Re: The 'killer app' for multicast deployment?, Guy T Almes, 07/23/2003
- Re: The 'killer app' for multicast deployment?, Michael H. Lambert, 07/23/2003
Archive powered by MHonArc 2.6.16.