
Release Notes for Cisco 802 IDSL and 804 IDSL Routers for Cisco IOS Release
78-10388-01
Important Notes
If you have service contracts, you can obtain new software through your regular update channels
(generally through Cisco’s World Wide Web site). You can upgrade to any software release, but you
must remain within the boundaries of the feature sets you have purchased.
If you do not have service contracts, you can upgrade to obtain only the bug fixes; free upgrades are
restricted to the minimum upgrade required to resolve the defects. In general, you will be restricted to
upgrading within a single row of Table 5, except when no upgrade within the same row is available in
a timely manner. Obtain updates by contacting one of the following Cisco Technical Assistance
Centers (TACs):
• +1 800 553 2447 (toll-free from within North America)
• +1 408 526 7209 (toll call from anywhere in the world)
Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence
for a free update. Non-contract customers must request free updates through the TAC. Please do not
Workarounds
You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or
processing UDP datagrams addressed to its port 514. This can be done either by using packet filtering
on surrounding devices, or by using input access list filtering on the affected IOS device itself.
If you use an input access list, apply that list to all interfaces to which attackers may be able to send
datagrams. Interfaces include not only physical LAN and WAN interfaces but also virtual subinterfaces
of those physical interfaces, as well as virtual interfaces and interface templates corresponding to GRE,
L2TP, L2F, and other tunneling protocols.
The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device’s own
IP addresses, as well as at any broadcast or multicast addresses on which the Cisco IOS device may be
listening. Be sure to block both old-style “all-zeros” broadcasts and new-style “all-ones” broadcasts. It
is not necessary to block traffic being forwarded to other hosts—only traffic actually addressed to the
Cisco IOS device is of interest.
No single input access list works in all configurations. Know the effect of your access list in your
specific configuration before activating it.
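
The destinations such a list must cover can be derived from the interface addresses. The Python sketch below is an added example, not part of Cisco's notice; the function name, the interface names, the sample addresses and access list number 101 are assumptions. It assumes IPv4 addressing, and its output still has to be checked against your own configuration.

```python
import ipaddress

def syslog_block_acl(interfaces, acl=101):
    """Build IOS extended-ACL lines dropping UDP/514 addressed to the router itself.

    interfaces: {name: "address/prefix"} for every interface, including
    subinterfaces and tunnels (hypothetical input format for this example).
    """
    lines = []

    def deny(dest, why):
        lines.append(f"! {why}")
        lines.append(f"access-list {acl} deny udp any {dest} eq 514")

    deny("224.0.0.0 15.255.255.255", "any multicast group (224.0.0.0/4)")
    deny("host 255.255.255.255", "new-style all-ones broadcast")
    deny("host 0.0.0.0", "old-style all-zeros broadcast")

    seen = set()
    for name, cidr in sorted(interfaces.items()):
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        targets = [(iface.ip, f"{name}: the router's own address")]
        if net.prefixlen < 31:  # /31 and /32 have no subnet broadcasts
            targets.append((net.network_address, f"{name}: all-zeros subnet broadcast"))
            targets.append((net.broadcast_address, f"{name}: all-ones subnet broadcast"))
        for addr, why in targets:
            if addr not in seen:
                seen.add(addr)
                deny(f"host {addr}", why)

    # Traffic forwarded to other hosts, syslog included, is left alone.
    lines.append(f"access-list {acl} permit ip any any")
    # The same list goes on every interface, so each local address is
    # covered whichever interface the datagram arrives on.
    for name in sorted(interfaces):
        lines += [f"interface {name}", f" ip access-group {acl} in"]
    return lines

if __name__ == "__main__":
    # Constructed sample addressing (documentation ranges), not from the notice.
    sample = {"Ethernet0": "192.0.2.1/24", "BRI0": "198.51.100.5/30"}
    print("\n".join(syslog_block_acl(sample)))
```

An interface takes only one inbound IP access list, so where one is already applied, merge the deny lines into it ahead of its permit entries.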