OT - RE: DOS/Smurf attacks!
From: Richard Davidson (rich@myhomemail.net)
Date: Wed Oct 27 2004 - 11:50:21 GMT-3
This is an OFF topic question�
A free entitlement is available for any type of bugs
in the code.
When a new bug fix is released, the customer is
entitled to a bug fix Upgrade free of charge. For
example, 12.0WC1 upgrades to 12.0WC2.
If there are any new major releases, for example 12.1,
when 12.0 is still releasing bug fixes, non-contract
holders are not entitled to the major release upgrade,
however they are still entitled to the 12.0 bug fix.
If you don�t have a contract, you must contact Cisco
and they will give you a link to the free download.
=====
Richard Davidson
CCIG, PPDP, EERT, AAPR, ABC123, etc...
Yahoo IM: r1davidson
e-mail rich@myhomemail.net
--- "Church, Chuck" <cchurch@netcogov.com> wrote:
> All,
>
> I think we're getting a little off the topic here.
> True, the
> only surefire way to stop a DDOS is to stop it at
> all the sources, but
> Natasha was only looking for advice on selecting an
> IOS version that
> isn't vulnerable to the various PSIRT issues.
> Usually this requires an
> active service contract. If she's got one,
> downloading the latest GD
> 12.2 that supports all the modules in the router
> should work. If there
> is no contract, there's a workaround. Check out:
>
http://www.cisco.com/en/US/products/products_security_advisory09186a0080
> 1a34c2.shtml#fixes
>
> Read the part under 'Obtaining Fixed Software'.
> With a serial number,
> you can get a fixed version this one time. Still,
> you're better off
> with a contract...
>
>
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation
> Team
> 1210 N. Parker Rd.
> Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 703-819-3495
> cchurch@netcogov.com
> PGP key:
>
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> libone mhlanga
> Sent: Wednesday, October 27, 2004 6:17 AM
> To: ccielab@groupstudy.com
> Subject: RE: DOS/Smurf attacks!
>
> As a veteran victim of DDoS attacks I can assure you
> that there is
> NOTHING ( I repeat NOTHING !! ) that you can do on
> ANY router by ANY
> manufacturer to mitigate against a huge DDoS attack
> !! Thats why Cisco
> themselves bought Riverhead.
>
> What you need is purpose-built DDoS mitigation kit
> from the likes of
> Netscaler, Toplayer, Riverhead( cisco ),
> Tippingpoint, Juniper(
> Netscreen) etc etc .
>
> Oh by the way the biggest Pix, Checkpoint,
> Cyberguard, Netscreen etc etc
> WILL be brought down by a DDoS.
>
> Just to give you an idea, one attack we suffered
> flattened our entire
> Tier-1 ISP core composed of GSR's with all the IOS
> DDoS features on them
> !!!
>
> Nuff said !!
>
> ----- Original Message -----
> From: <laurent.metzger@bt.com>
> To: <mahaguru@gmail.com>, <naleyevka@yahoo.com>
> Subject: RE: DOS/Smurf attacks!
> Date: Wed, 27 Oct 2004 07:35:49 +0100
>
> >
> > Natasha,
> > if you are looking for strong security, it is
> wiser to put a PIX
> firewall facing the ISP. Laurent
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com on behalf of Zafar
> Khan
> > Sent: Wed 10/27/2004 5:00 AM
> > To: Nathasha Aleyevka
> > Cc: ccielab@groupstudy.com
> > Subject: Re: DOS/Smurf attacks!
> >
> >
> >
> > Dear Natasha,
> > Its not just the IOS version it actually has a
> lot to do with
> your configs !
> > Try AutoSecure available with IOS 12.3 and above
> >
> > Cheers
> > Zafar
> >
> >
> > On Tue, 26 Oct 2004 14:08:48 -0700 (PDT),
> Nathasha Aleyevka
> > <naleyevka@yahoo.com> wrote:
> > > Hello,
> > >
> > > I just performed a scan on my 7200 router(core
> to the ISP),
> the scan indicated that this router is vulnerable to
> several denial of
> service attacks, smurf attacks and buffer overflows
> attacks related to
> outdated version of its software( Im running
> Version 12.0(2)XE2...
> > >
> > > Solution: To upgrade the IOS software to the
> latest stable
> version
> > >
> > > Q: What is the next stable version, does it
> mean 12.3 ?- How
> do I know that once I pay for the new IOS the
> scanning software will not
> tell me that the new IOS is still vulnerable to all
> of the above
> attacks..Is there another patch fix to this problem.
> Any ideas(!)
> > >
> > > Thank you
> > >
> > >
> > > ---------------------------------
> > > Do you Yahoo!?
> > > Yahoo! Mail Address AutoComplete - You start.
> We finish.
> > >
> > >
>
This archive was generated by hypermail 2.1.4
: Sat Nov 06 2004 - 17:11:53 GMT-3