S-144: Cisco PIX and ASA Time-to-Live Vulnerability
A crafted IP packet vulnerability exists in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. The risk is LOW. May result in a reload of the device. This vulnerability is triggered during processing of a crafted IP packet when the Time-to-Live (TTL) decrement feature is enabled.
Hi all,
I need this as soon as possible to solve it or at least to find out what is the problem.
I have configured IPSec tunnels with Openswan and Cisco ASA, i have established a connection and the ping was fine, but after some time there is request time out from both sites. I don't have ASA... (0 Replies)
Hi,I want connect my ASA 5510 firewall to a 3750 switch with RIP routing. Unfortunately,I am having issues passing the VPN subnet through rip to the 3750.I don't understand how the routing table is populated on the ASA. Any suggestions? (0 Replies)
Hi,
I am trying to establish vpn between my linux server and cisco asa at client side.
I installed openswan on my cent os.
Linux Server
eth0 - 182.2.29.10
Gateway - 182.2.29.1
eth1 - 192.9.200.75
I have simple IPtables Like
WAN="eth0"
LAN="eth1" (0 Replies)
I having problem connecting to a Cisco PIX
Log from IKE
# /usr/lib/inet/in.iked -f /etc/inet/ike/config -d
Jan 16 00:40:57: 2012 (+0800) *** in.iked started ***
Jan 16 00:40:57: Loading configuration...
Jan 16 00:40:57: Checking lifetimes in "nullrule"
Jan 16 00:40:57: Using default value... (0 Replies)
AN(4) BSD Kernel Interfaces Manual AN(4)NAME
an -- Aironet 4500/4800 and Cisco 340/350 series wireless network driver
SYNOPSIS
an* at pcmcia? function ?
an* at pci? dev ? function ?
an* at isapnp?
DESCRIPTION
The an driver provides support for Aironet Communications 4500/4800 and Cisco Aironet 340/350 series wireless network adapters. This
includes the ISA, PCI and PCMCIA varieties. The 4500 series adapters operate at 1 and 2Mbps while the 4800 series and 340/350 series can
operate at 1, 2, 5.5 and 11Mbps. The ISA, PCI and PCMCIA devices are all based on the same core PCMCIA modules and all have the same pro-
gramming interface, however unlike the Lucent WaveLAN/IEEE cards, the ISA and PCI cards appear to the host as normal ISA and PCI devices and
do not require any PCMCIA support.
The PCMCIA Aironet cards require PCMCIA support. ISA cards can either be configured to use ISA Plug and Play or to use a particular I/O
address and IRQ by properly setting the DIP switches on the board. (The default switch setting is for plug and play.) The an driver has
Plug and Play support and will work in either configuration, however when using a hard-wired I/O address and IRQ, the driver configuration
and the NIC's switch settings must agree. PCI cards require no switch settings of any kind and will be automatically probed and attached.
All host/device interaction with the Aironet cards is via programmed I/O. The Aironet devices support 802.11 and 802.3 frames, power manage-
ment, BSS (infrastructure) and IBSS (ad-hoc) operation modes. The an driver encapsulates all IP and ARP traffic as 802.11 frames, however it
can receive either 802.11 or 802.3 frames. Transmit speed is selectable between 1Mbps, 2Mbps, 5.5Mbps, 11Mbps, or ``auto'' (the NIC automat-
ically chooses the best speed).
By default, the an driver configures the Aironet card to join an access point with an SSID of null string. For ad-hoc mode, in which sta-
tions can communicate among each other without the aid of an access point, the driver must be set using ifconfig(8).
For more information on configuring this device, see ifconfig(8) and ifmedia(4).
HARDWARE
Cards supported by the an driver include:
Aironet 4500 Series
Aironet 4800 Series
Cisco Aironet 340 Series
Cisco Aironet 350 Series
DIAGNOSTICS
an%d: init failed The Aironet card failed to come ready after an initialization command was issued.
an%d: failed to allocate %d bytes on NIC The driver was unable to allocate memory for transmit frames in the NIC's on-board RAM.
an%d: device timeout The Aironet card failed to generate an interrupt to acknowledge a transmit command.
SEE ALSO arp(4), ifmedia(4), netintro(4), ifconfig(8)HISTORY
The an device driver first appeared in FreeBSD 4.0, and then in NetBSD 1.6.
AUTHORS
The an driver was written by Bill Paul <wpaul@ee.columbia.edu>.
BSD December 13, 2000 BSD