Cisco OL-4015-08 Bedienungsanleitung PDF herunterladen (Seite 595)

947

Cross-Platform Release Notes for Cisco IOS Release 12.0S

OL-1617-14 Rev. Q0

Caveats

Resolved Caveats—Cisco IOS Release 12.0(30)S1

These attacks, which only affect sessions terminating or originating on a device itself, can be of

three types:

1. Attacks that use ICMP “hard” error messages.

2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also

known as Path Maximum Transmission Unit Discovery (PMTUD) attacks.

3. Attacks that use ICMP “source quench” messages.

Successful attacks may cause connection resets or reduction of throughput in existing connections,

depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are

workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security

Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple

vendors whose products are potentially affected.

• CSCef51239

Symptoms: When the MPLS LDP Graceful Restart feature is enabled, when label distribution

protocol (LDP)-targeted sessions are configured, and when you globally disable LDP by entering

the no mpls ip command while a graceful restart-enabled session is recovering, LDP may not be

shut down properly.

When you then re-enable LDP by entering the mpls ip command, LDP may not allocate and

advertise local labels for certain prefixes. When this situation occurs, MPLS connectivity may be

interrupted because the router does not advertise a local label for certain prefixes.

Conditions: This symptom is observed when targeted sessions are requested to support AToM

circuits and when the router runs Cisco IOS Release 12.2S, or a release that is based on

Release 12.2S, that contains the fix for CSCed18355.

A list of the affected releases can be found at

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed18355. Cisco IOS

software releases not listed in the “First Fixed-in Version” field at this location are not affected.

Workaround: Clear the routes for the affected prefixes from the routing table by entering the clear

ip route EXEC command. Note that the fix for this caveat is also integrated in Release 12.0S, 12.3,

and 12.3T.

• CSCef56201

Symptoms: Multicast MAC rewrites are not updated, preventing multicast traffic from being

switched.

Conditions: This symptom is observed when the VLAN encapsulation is changed, for example from

dot1q to dot1q, from dot1q to QinQ, or from QinQ to dot1q.

Workaround: Enter the clear ip mroute command.

• CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to

perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol

(TCP) has been made publicly available. This document has been published through the Internet

Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP”

(draft-gont-tcpm-icmp-attacks-03.txt).

1 2 ... 590 591 592 593 594 595 596 597 598 599 600 ... 677 678

Kommentare zu diesen Handbüchern

Keine Kommentare

Cisco OL-4015-08 Bedienungsanleitung Seite 595

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Vernetzung Cisco OL-4015-08