VID |
29162 |
Severity |
30 |
Port |
22 |
Protocol |
TCP |
Class |
CISCO |
Detailed Description |
Cisco IOS does not block ICMP unreachable and ICMP redirect messages. An ICMP unreachable message includes a code showing why a packet sent to a specific host or gateway could not be delivered, so attackers can obtain this information through scanning. ICMP redirect is used to point hosts to the best path when the router they are sending through is not the optimal path for the transmitting host. Attackers can abuse it to hijack specific packets by deliberately modifying the destination.
* Platforms Affected: CISCO IOS |
Recommendation |
Disable ICMP unreachable and ICMP redirect on all interfaces:

    Router# config terminal
    Router(config)# interface fastethernet 0/1
    Router(config-if)# no ip unreachables
    Router(config-if)# no ip redirects
|
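To check that the recommendation has been applied to every interface and not just one, the following added example (not part of the original advisory) audits a saved running-config. It assumes the text is `show running-config` output, where an interface stanza without `no ip unreachables` or `no ip redirects` is still at the IOS default of sending those messages; the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip unreachables
!
interface Serial0/0
 no ip address
 shutdown
!
"""

# The two interface commands from the recommendation.
REQUIRED = ("no ip unreachables", "no ip redirects")

def interface_stanzas(config_text):
    """Map each interface name to the set of commands in its stanza."""
    stanzas, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"interface\s+(.+)", line)
        if m:
            current = m.group(1).strip()
            stanzas[current] = set()
        elif current and line.startswith(" "):
            # Normalize whitespace so comparisons are exact.
            stanzas[current].add(" ".join(line.split()))
        else:
            current = None  # any unindented line ("!", "line vty") ends the stanza
    return stanzas

def audit_interfaces(config_text):
    """Return {interface: [missing commands]} for interfaces not yet hardened."""
    findings = {}
    for name, commands in interface_stanzas(config_text).items():
        missing = [c for c in REQUIRED if c not in commands]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for name, missing in audit_interfaces(SAMPLE_CONFIG).items():
        print(f"{name}: add {', '.join(missing)}")
```

Shut-down interfaces are reported as well, since the recommendation covers all interfaces and a port may be re-enabled later.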
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |