
ASA Risk: Spoofed EIGRP Packet Saturation DoS

Yuliang Liang
Level 1

We have detected a high risk in ASA 5510.

Risk information:

22 TCP - ssh
Cisco IOS: Spoofed EIGRP Packet Saturation DoS
7.8 (High risk)
Cisco IOS


Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.

 

Device details:

version: 8.6

no EIGRP session

 

Does Cisco have any solutions to close this risk? 

 


Murali
Level 1

Hi,

Did the ASA detect this for your network or for the ASA itself? If it's a router/L3 switch, you can mitigate this threat by limiting the interfaces that participate in EIGRP routing (hard-coding the network command to the interface IP address); you don't want to listen for EIGRP packets on interfaces where you don't want an EIGRP neighborship.

HTH

Murali.
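
One way to check a router or L3 switch configuration for the mitigation described in the reply above, as an added example that is not part of the thread and not Cisco tooling: it lists which interfaces each EIGRP `network` statement enables and whether that statement is pinned to a single interface address. The sample configuration, its addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample IOS running-config (not from the thread); all values illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 10.1.2.1 255.255.255.0
interface GigabitEthernet0/2
 ip address 192.0.2.1 255.255.255.0
router eigrp 100
 network 10.0.0.0 0.255.255.255
 network 192.0.2.1 0.0.0.0
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def classful_wildcard(base):
    """Wildcard implied when 'network' is given without one (classful boundary)."""
    first = base >> 24
    return 0x00FFFFFF if first < 128 else 0x0000FFFF if first < 192 else 0x000000FF

def parse(config):
    """Return ({interface: ip_int}, [(statement, base_int, wildcard_int)])."""
    interfaces, networks, section = {}, [], ""
    for line in config.splitlines():
        if not line.startswith(" "):      # an unindented line opens a new section
            section = line.strip()
            continue
        m = re.match(rf" +ip address {IP} ", line)
        if section.startswith("interface ") and m:
            interfaces[section.split()[1]] = to_int(m.group(1))
        m = re.match(rf" +network {IP}(?: {IP})?\s*$", line)
        if section.startswith("router eigrp ") and m:
            base = to_int(m.group(1))
            wild = to_int(m.group(2)) if m.group(2) else classful_wildcard(base)
            networks.append((line.strip(), base, wild))
    return interfaces, networks

def audit(config):
    """List (interface, statement, pinned); pinned means wildcard 0.0.0.0."""
    interfaces, networks = parse(config)
    return [(name, stmt, wild == 0)
            for name, ip in interfaces.items()
            for stmt, base, wild in networks
            if ((ip ^ base) & ~wild & 0xFFFFFFFF) == 0]   # wildcard bits are "don't care"
```

In the constructed sample, `audit(SAMPLE_CONFIG)` reports GigabitEthernet0/0 and GigabitEthernet0/1 as enabled by the broad `network 10.0.0.0 0.255.255.255` statement, and only GigabitEthernet0/2 as pinned to its own address.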
