VID | 29161 |
Severity | 30 |
Port | 22 |
Protocol | TCP |
Class | CISCO |
Detailed Description |
Proxy ARP is not disabled on the Cisco IOS system. Proxy ARP breaks the LAN security perimeter, effectively extending a LAN at layer 2 across multiple segments. Cisco routers perform proxy ARP by default on all IP interfaces. Disable it on each interface where it is not needed, even on interfaces that are currently idle.
* Platforms Affected: CISCO IOS |
Recommendation |
Disable proxy ARP on all interfaces:
  Router# config terminal
  Router(config)# interface fastethernet 0/1
  Router(config-if)# no ip proxy-arp |
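To verify the recommendation across a whole device, the following added example (not part of the original check) audits saved configuration text for interface stanzas that lack `no ip proxy-arp` and builds the matching fix lines. The names `audit_proxy_arp` and `remediation` and the sample configuration are constructed for illustration; the sketch assumes `show running-config` style text in which the default-enabled setting is not displayed.

```python
import re

# Constructed sample running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
!
interface Serial0/0
 no ip address
 shutdown
!
line vty 0 4
 transport input ssh
"""

def audit_proxy_arp(config_text):
    """Map each interface lacking 'no ip proxy-arp' to 'active' or 'idle'."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"interface\s+(\S.*)$", line)
        if m:
            current = m.group(1).strip()
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(" ".join(line.split()).lower())
        else:
            current = None  # '!' or any top-level command ends the stanza
    findings = {}
    for name, cmds in stanzas.items():
        if "no ip proxy-arp" not in cmds:
            idle = "shutdown" in cmds or "no ip address" in cmds
            findings[name] = "idle" if idle else "active"  # idle ones still count
    return findings

def remediation(findings):
    # Configuration-mode lines to paste after 'config terminal'.
    return [l for name in findings for l in (f"interface {name}", " no ip proxy-arp")]

if __name__ == "__main__":
    result = audit_proxy_arp(SAMPLE_CONFIG)
    for name, state in result.items():
        print(f"{name}: proxy ARP not disabled ({state} interface)")
    print("\n".join(remediation(result)))
```

Idle interfaces are reported as well, since the description asks for proxy ARP to be disabled on them too.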