Cisco IOS IPS SERVICE.DNS Denial of Service Vulnerability
  Add date: 11/03/2008   Publishing date: 11/03/2008
 
Release date: 2008-09-24
Updated: 2008-09-25

Affected systems:
Cisco IOS 12.4
Cisco IOS 12.3
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 31364
CVE(CAN) ID: CVE-2008-2739

Cisco IOS is the internetwork operating system used on Cisco network devices.

If the Intrusion Prevention System (IPS) feature is enabled in Cisco IOS, network traffic that triggers an IPS signature of the SERVICE.DNS engine may cause the router to crash or hang, resulting in a denial of service.

<* Source: Cisco Security Advisory
 
  Link: http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml
*>

Recommendation:
--------------------------------------------------------------------------------
Workaround:

* Add an access control list (ACL) to each Cisco IOS IPS policy configured on the device, so that the Cisco IOS IPS feature does not inspect traffic destined to port 53/udp or 53/tcp. The following ACL needs to be added to the device configuration:

    ! deny inspection of traffic with a destination port of 53/udp
    access-list 177 deny   udp any any eq 53
    ! deny inspection of traffic with a destination port of 53/tcp
    access-list 177 deny   tcp any any eq 53
    ! allow all other traffic to be inspected
    access-list 177 permit ip any any

Each Cisco IOS IPS policy on the device then needs to be modified to reference the ACL. To determine which Cisco IOS IPS policies are configured on the device, run the show running-config | include ip ips name command as follows:
   
    Router#show running-config | include ip ips name
    ip ips name ios-ips-incoming
    ip ips name ios-ips-outgoing
    Router#

In the example above, two Cisco IOS IPS policies are configured on the device. The following example shows the ACL being added to each of these Cisco IOS IPS policies:

    Router#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#ip ips name ios-ips-incoming list 177
    Router(config)#ip ips name ios-ips-outgoing list 177
    Router(config)#end
    Router#

As a verification step, run the show ip ips interfaces command again to confirm that the ACL is correctly attached to each Cisco IOS IPS policy:

    Router#show ip ips interfaces
        Interface Configuration
          Interface FastEthernet0/0
            Inbound IPS rule is ios-ips-incoming
              acl list 177
            Outgoing IPS rule is not set
          Interface FastEthernet0/1
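
The workaround above can also be checked offline against a saved running-config. The following Python script is an added example, not part of the Cisco advisory or the original page: it reports every IPS policy whose ACL does not exclude 53/udp and 53/tcp from inspection. The sample configuration is constructed, and the script assumes the any/any ACL form shown above.

```python
# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
ip ips name ios-ips-incoming list 177
ip ips name ios-ips-outgoing
access-list 177 deny   udp any any eq domain
access-list 177 deny   tcp any any eq domain
access-list 177 permit ip any any
"""
DNS_PORT = (["eq", "53"], ["eq", "domain"])  # IOS displays port 53 as "domain"

def parse(config):
    """Return ({policy: acl or None}, {acl: [(action, proto, match), ...]})."""
    policies, acls = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[:3] == ["ip", "ips", "name"]:
            # ip ips name <policy> [list <acl>]
            policies[tok[3]] = tok[5] if len(tok) > 5 and tok[4] == "list" else None
        elif len(tok) >= 4 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
            # access-list <id> <action> <proto> <src> <dst> [eq <port>]
            acls.setdefault(tok[1], []).append((tok[2], tok[3], tok[4:]))
    return policies, acls

def excludes_dns(entries, proto):
    """True if the first entry matching any -> any port 53/<proto> is a deny."""
    for action, ace_proto, match in entries:
        if match[:2] != ["any", "any"]:
            continue  # assumption: only the any/any form from the advisory is modelled
        hits_dns = ace_proto == proto and match[2:] in DNS_PORT
        catch_all = ace_proto in (proto, "ip") and len(match) == 2
        if hits_dns or catch_all:
            return action == "deny"  # in an IPS ACL, deny means "do not inspect"
    return False  # no explicit entry: report the workaround as absent

def audit(config):
    """Map each IPS policy to its findings; an empty list means DNS is excluded."""
    policies, acls = parse(config)
    report = {}
    for name, acl in policies.items():
        if acl is None:
            report[name] = ["no ACL attached"]
        elif acl not in acls:
            report[name] = [f"ACL {acl} is not defined"]
        else:
            report[name] = [f"53/{p} still inspected" for p in ("udp", "tcp")
                            if not excludes_dns(acls[acl], p)]
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An ACL in which `permit ip any any` precedes the port 53 entries is reported as still inspecting DNS, because the first matching entry decides.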

 