| VID |
29153 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
CISCO |
| Detailed Description |
The CISCO IOS system does not apply an anti-spoofing filter. Packets whose source IP is a broadcast, multicast, or loopback address can be used for DoS attacks, so these illegal packets need to be blocked by setting an ACL.
* Platforms Affected: CISCO IOS |
| Recommendation |
Apply ACL to Source IP as follows:
Router# config terminal
Router(config)# access-list number deny ip 127.0.0.0 0.255.255.255 any
Router(config)# access-list number deny ip 224.0.0.0 31.255.255.255 any
Router(config)# access-list number deny ip host 0.0.0.0 any
Router(config)# access-list number permit ip any any |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|