cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
471
Views
0
Helpful
6
Replies
Highlighted
Beginner

IOS

Hi Team ,

I have ISR router running "isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin" below are the vulnerabilities found can any one suggest the solution for the same.

 

CVE-1999-0524  -- ICMP Timestamp Request

6 REPLIES 6
Highlighted
VIP Collaborator

Re: vulnerabilities

Hello,

 

You can block this traffic from internal to out in your network

 

you can use ACL to block it:

 

check this exemple for icmp: https://community.cisco.com/t5/switching/acl-for-icmp/td-p/1053521

check this exemple for ntp: https://community.cisco.com/t5/routing/restrict-ntp-access/td-p/861842

 

Regards

Jaderson Pessoa
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: vulnerabilities

Thanks for the replay .

can you please help me to know whether this vulnerabilities are hitting on the running IOS.

Highlighted
VIP Collaborator

Re: vulnerabilities

Hello,

 

ICMP is very dangerous for DDoS or DoS: A distributed-denial-of-service, or DDoS, attack is the bombardment of simultaneous data requests to a central server. The attacker generates these requests from multiple compromised systems.

In doing so, the attacker hopes to exhaust the target’s Internet bandwidth and RAM. The ultimate goal is to crash the target’s system and disrupt its business.

 

Check it: https://www.cisco.com/c/en/us/products/security/what-is-a-ddos-attack.html

 

NTP: In summary, the attack is based on processing NTP Mode 7 requests from NTP clients that may elicit huge responses. While the requests are small (for example, in case of Mode 7, the request is only 8 bytes long), the response can grow up to 5,500 times that size due to amplification.

 

Check it: https://www.cisco.com/c/en/us/about/security-center/event-response/network-time-protocol-amplification-ddos.html

 

All of this vulnerabilities can crash your router requesting lot of RAM, CPU and BANDWIDTH.

 

If you have a NTP Service configured on your router and you dont tunning it, maybe you has a vulnerability.

If you have any interface UP/UP allowed to external (internet), you can receive a DoS or DDoS attack.

 

 

Jaderson Pessoa
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: vulnerabilities

Hi Jaderson Pessoa ,

 

Thanks for the update .

I have checked the same vulnerabilities in cisco portal but coudn't found this CVE ID'S are hitting the running IOS .There are lot of vulnerabilities are present in the current running ver except the mentioned CVE ID.

 

can you please clarify the same.

Everyone's tags (1)
Highlighted
VIP Collaborator

Re: vulnerabilities

as i said, if you have this services configured without any parameter, you have a possible problem.

 

 

Regards,

Jaderson Pessoa
*** Rate All Helpful Responses ***
Highlighted
VIP Collaborator

Re: vulnerabilities

Please, dont forget to mark as solved and helpful all post that were help you.

Thanks in advance.
Jaderson Pessoa
*** Rate All Helpful Responses ***
CreatePlease to create content
Content for Community-Ad