Highly Inaccurate 26 August 2009 01:51
Ok, this is just plain inaccurate.
I'm not sure who read the Cisco advisory because they did a pretty
bad job at the interpretation:
1) First off, this isn't a bug that "disables Cisco routers and
switches". This is specifically about the FIREWALL MODULE that can be
installed on a 6500-switch or a 7600-series router. Just because the
module is installed on the switch/router does not mean that the
entire platform is affected/disabled. Please read up on modular
switches/routers to understand what that means.
2) The vendor DOES suggest a workaround (albeit not to be carried out
on the FWSM itself); it may not be the most elegant, but the
workaround is to filter ICMP packets before they get to the FWSM. The
edge router would be the most suitable candidate for that, and
applying this filter would prevent the malicious ICMP traffic in
question from reaching the vulnerable FWSM.