Cisco releases patches for ICMP attacks on routers

Source: Internet
Author: User

In a recent IOS Security Bulletin, cisco warned that a public management protocol used on the Internet can be exploited to launch denial-of-service attacks against Cisco routers or other IP-based devices.
This Security Bulletin warns of potential attacks based on Internet Control Packet protocol ICMP. Attacks may cause unavailability of IOS devices. Cisco's Security Bulletin is based on a bulletin issued by the National Infrastructure Security Coordination Center NISCC, the announcement released by NISCC refers to a document published by the IETF website describing how ICMP is used to initiate DoS attacks against TCP communication.
ICMP is a subprotocol of the TCP/IP protocol family. It is used to transmit control messages between IP hosts and routers. A message control refers to a message of the network itself, such as network connectivity, host accessibility, and routing availability. According to the IETF documentation, attackers may send some ICMP "hardware error" messages to devices running TCP, causing devices to reset TCP connections or reduce the throughput of TCP connections. If such ICMP messages are repeatedly sent, the device may become inaccessible to the network. The IETF document also outlines another DoS attack method that uses the path's largest transmission unit to discover PMTUD. PMTUD is a mechanism of ICMP to process error messages.
Cisco indicates that only routers and other devices running IOS with PMTUD enabled are under this attack. It indicates that ICMP "hardware error" message attacks are invalid for Cisco devices. However, all versions of IOS10.x, 11. x, and 12.xare vulnerable to PMTUD-based attacks. Other devices that are not IOS-based are also vulnerable, including Cisco Aironet WLAN devices, stacked and rack-mounted Catalyst switches, and ONS optical network devices.
Cisco indicates that PMTUD is disabled by default on IOS devices running IPv4, but PMTUD is enabled by default on IOS devices running IPv6 or IPSec, such as VPN devices and PIX security application devices. Cisco warned that his IOS-XR Internet Router Based on the CRS-1 operating system is vulnerable to PMTUD attacks and ICMP "Hard error" message attacks. PMTUD is disabled by default in the IOS-XR ).
Cisco has released software patches for these vulnerabilities. At the same time, Cisco indicates that disabling PMTUD on a Cisco device is also a solution to the problem.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.