tcp vulnerability alert - fixed pix image??

Discussion in 'Cisco' started by Bill F, Apr 22, 2004.

  1. Bill F

    Bill F Guest

    http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml

    The bulletin lists these fixed pix builds.
    6.3.3.132, 6.2.3.109, and 6.1.5.103

    Are these only available thru TAC?

    Also, I have several bgp customers. Anyone know what Tier 1 providers
    standard operating procedure is for doing MD5 auth? I'm peering w/
    sprint, mci, att, broadwing

    thanks
     
    Bill F, Apr 22, 2004
    #1
    1. Advertising

  2. Bill F

    S. Gione Guest

    I'm not qualified in low level TCP but suspect that there is no "fix" in the
    newer images.

    The vulnerability seems to be in the "basic" area of the protocol. Both
    sides (the other of which may not be Cisco) need to "agree" on the terms of
    the session. If the Cisco side arbitrarily reduces the size of it's
    "window" (unless the size is negotiated), there may be session failure.

    Maybe someone more familiar with protocol details can clarify this.



    "Bill F" <> wrote in message
    news:...
    >
    > http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
    >
    > The bulletin lists these fixed pix builds.
    > 6.3.3.132, 6.2.3.109, and 6.1.5.103
    >
    > Are these only available thru TAC?
    >
    > Also, I have several bgp customers. Anyone know what Tier 1 providers
    > standard operating procedure is for doing MD5 auth? I'm peering w/
    > sprint, mci, att, broadwing
    >
    > thanks
    >
     
    S. Gione, Apr 22, 2004
    #2
    1. Advertising

  3. Bill F

    Brian Bergin Guest

    Bill F <> wrote:

    |
    |http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
    |
    |The bulletin lists these fixed pix builds.
    | 6.3.3.132, 6.2.3.109, and 6.1.5.103
    |
    |Are these only available thru TAC?
    |
    |Also, I have several bgp customers. Anyone know what Tier 1 providers
    |standard operating procedure is for doing MD5 auth? I'm peering w/
    |sprint, mci, att, broadwing
    |
    |thanks

    Those builds are available via TAC. I got mine in 22 minutes this AM. Went on
    like a charm.

    Thanks...
    Brian Bergin

    I can be reached via e-mail at
    cisco_dot_news_at_comcept_dot_net.

    Please post replies to the group so all may benefit.
     
    Brian Bergin, Apr 22, 2004
    #3
  4. Bill F

    chad Guest


    > Also, I have several bgp customers. Anyone know what Tier 1 providers
    > standard operating procedure is for doing MD5 auth? I'm peering w/
    > sprint, mci, att, broadwing
    >
    > thanks
    >


    All you have to do is create a clear text password and have an engineer from
    your ISP on the phone with you while you make the change to md5. You give
    your password to him and you both enter the password at the same time. I'ts
    not necessary, but I would recommend you admin your BGP session down before
    you enter the password. When you both enter your passwords, the BGP session
    should do a hard reset automatically, but you could have some problems where
    you have to do a hard shut on it a few times which could possibly trigger a
    dampening penalty. It's totally up to you.
    It's really simple to do:

    router(config-router)#neighbor (neighbor IP) password (clear text password)
    If you do a "?" after the "password" you will get a choice of 0-7
    authentication. Don't even enter anything there.

    Check here to make sure you have the correct IOS:

    http://cisco.com/en/US/products/products_security_advisory09186a008021bc62.s
    html
     
    chad, Apr 22, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. S. Gione

    TCP Vulnerability

    S. Gione, Apr 21, 2004, in forum: Cisco
    Replies:
    10
    Views:
    737
    Karsten Fischer
    Apr 25, 2004
  2. Brian Bergin

    TCP vulnerability fixes?

    Brian Bergin, Apr 21, 2004, in forum: Cisco
    Replies:
    0
    Views:
    408
    Brian Bergin
    Apr 21, 2004
  3. Toronto Garage Door Company

    ALERT: Virus Scam Alert!

    Toronto Garage Door Company, Nov 18, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    772
    andre
    Nov 18, 2003
  4. Au79
    Replies:
    2
    Views:
    404
  5. =?Utf-8?B?U3BhbW1lcipLaWxsZXI=?=

    Alert..General Alert?..New Discovery?.

    =?Utf-8?B?U3BhbW1lcipLaWxsZXI=?=, Jul 24, 2007, in forum: Wireless Networking
    Replies:
    0
    Views:
    563
    =?Utf-8?B?U3BhbW1lcipLaWxsZXI=?=
    Jul 24, 2007
Loading...

Share This Page