Re: Cisco IOS vulnerability
From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 07/20/03
- Previous message: Michal Zalewski: "Cisco 0-day? [Was: strange protocol scans (and MOBP plug)]"
- In reply to: jlewis_at_lewis.org: "Re: Cisco IOS vulnerability"
- Next in thread: Andrew Bates: "Re: Cisco IOS vulnerability"
Date: Sat, 19 Jul 2003 23:56:29 -0400
To: jlewis@lewis.org
jlewis@lewis.org wrote:
> That's a different issue. undefined access list = you referenced an
> access-list that does not exist. In that case, it's as if you didn't
> reference the access-list.
>
> I think this is a common pitfall for beginners with IOS. You need to modify
> an access-list, so you telnet into the router, conf t, no access-list
> blah, then start typing in the new version of the access-list. Hopefully,
> your first line is permit tcp any any est, because once you start
> reentering the access-list, there's the implicit deny all all at the
> end...so if you're getting to the router through the interface using the
> access-list you're modifying, you may block yourself out.
>
> For that reason, it's generally best to create a new access-list, then
> modify the interface config to use that new access-list.
Even better, show config to get the ACL, cut and paste it into an
editor. Add "interface foo" and "no ip access-group this-acl in" and
"no ip access-list extended this-acl" at the beginning, and an
"interface foo" and "ip access-group this-acl in" at the end. Then you
can cut-and-paste the config without any side effects (or you can store
it on a tftp server and config net from there).
Jeff
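As an added example (not part of this thread, and not a Cisco tool), the following Python script builds the paste-safe fragment Jeff describes: it takes the ACL as printed by `show running-config`, and emits a config block that unbinds the ACL from the interface, deletes it, re-creates it, and binds it again, so the order of the entries no longer decides whether the admin's own session survives. It also includes the check jlewis alludes to (is the first entry `permit tcp any any established`?) for the case where someone still pastes the ACL in place. The ACL body, the ACL name `EDGE-IN` and the interface name are constructed sample values; the function names are the example's own.

```python
"""Build a paste-safe reload fragment for a Cisco IOS named extended ACL.

Added example, not from the original thread. It implements the procedure
described in the reply: 'interface foo' + 'no ip access-group X in',
'no ip access-list extended X', the ACL body, then 'interface foo' +
'ip access-group X in'. Sample ACL text below is constructed, not from a
real router.
"""

# Constructed sample: the ACL block as 'show running-config' would print it.
SAMPLE_ACL = """\
ip access-list extended EDGE-IN
 permit tcp any any established
 permit udp any eq domain any
 deny   ip any any log
"""


def parse_named_acl(config_text):
    """Return (acl_name, [ACE lines]) from an 'ip access-list extended' block.

    Entry lines are the indented lines following the header, with leading
    whitespace removed. Parsing stops at the first non-indented line.
    """
    header = None
    entries = []
    for line in config_text.splitlines():
        if header is None:
            parts = line.split()
            if parts[:3] == ["ip", "access-list", "extended"] and len(parts) == 4:
                header = parts[3]
            continue
        if line.startswith(" "):
            entries.append(line.strip())
        elif line.strip():
            break
    if header is None:
        raise ValueError("no 'ip access-list extended <name>' header found")
    return header, entries


def first_entry_keeps_sessions(entries):
    """True if the first ACE is 'permit tcp any any established'.

    This is the lockout pitfall from the quoted message: if the ACL is
    rebuilt in place on a live interface, the implicit deny at the end of a
    half-typed ACL drops the management session unless this line comes first.
    """
    return bool(entries) and entries[0].split() == [
        "permit", "tcp", "any", "any", "established"]


def wrap_for_reload(acl_name, entries, interface, direction="in"):
    """Emit the fragment: unbind ACL, delete it, re-create it, re-bind it.

    Because the ACL is detached from the interface before it is deleted,
    no traffic is evaluated against a partially rebuilt list.
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    out = [
        "configure terminal",
        f"interface {interface}",
        f" no ip access-group {acl_name} {direction}",
        "exit",
        f"no ip access-list extended {acl_name}",
        f"ip access-list extended {acl_name}",
    ]
    out.extend(f" {entry}" for entry in entries)
    out += [
        "exit",
        f"interface {interface}",
        f" ip access-group {acl_name} {direction}",
        "end",
    ]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    name, aces = parse_named_acl(SAMPLE_ACL)
    if not first_entry_keeps_sessions(aces):
        print(f"warning: {name} does not start with 'permit tcp any any established'")
    print(wrap_for_reload(name, aces, "GigabitEthernet0/0"))
```

The output is what would be pasted into the router (or stored on a TFTP server and loaded with `configure network`, as the reply mentions). Because the generated block removes and re-creates the whole list, any entries a colleague added since `show running-config` was captured are lost, so capture the ACL immediately before editing it.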