S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) can allow a malicious user, by sending specially crafted messages, to create extra multicast states on the core routers or to receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPNs). The risk is LOW. Successful exploitation of the vulnerability can result in the creation of extra multicast states on the core routers or the leaking of multicast traffic from one MPLS VPN to another.
I'm trying to write a login script to SSH into a Cisco switch that will run some commands remotely. Similar to this expect script located here:
SSH login expect shell script to supply username and password
However, that script does not work with Cisco IOS. Anyone know what the best way to... (1 Reply)
On Linux, I have configured two different IP addresses for two network devices, eth0 and eth1. In my program, I want to multicast differently on these two networks. I know it must add a route for a single network, and I tried to configure another route for the second network, but it cannot work correctly, how to config... (0 Replies)
I have one private network with one IP address, and I have a separate network on a separate IP address.
Now, each network is behind a firewall/router. Now what I want to do is be able to access one server on the second network from a computer on the first, but with the private IP address, (this... (2 Replies)
MLD(4) BSD Kernel Interfaces Manual MLD(4)
NAME
mld -- Multicast Listener Discovery Protocol
SYNOPSIS
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip6.h>
#include <netinet/icmp6.h>
#include <netinet6/mld6.h>
int
socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
DESCRIPTION
MLD is a control plane protocol used by IPv6 hosts and routers to propagate multicast group membership information. Normally this protocol
is not used directly, except by the kernel itself, in response to multicast membership requests by user applications. Multicast routing
protocol daemons may open a raw socket to directly interact with mld and receive membership reports.
As of FreeBSD 8.0, MLD version 2 is implemented. This adds support for Source-Specific Multicast (SSM), whereby applications may communicate
to upstream multicast routers that they are only interested in receiving multicast streams from particular sources. The retransmission of
state-change reports adds some robustness to the protocol.
SYSCTL VARIABLES
net.inet6.mld.ifinfo
This opaque read-only variable exposes the per-link MLDv2 status to ifmcstat(8).
net.inet6.mld.gsrdelay
This variable specifies the time threshold, in seconds, for processing Group-and-Source Specific Queries (GSR). As GSR query
processing requires maintaining state on the host, it may cause memory to be allocated, and is therefore a potential attack point for
Denial-of-Service (DoS). If more than one GSR query is received within this threshold, it will be dropped, to mitigate the potential
for DoS.
net.inet6.mld.v1enable
If this variable is non-zero, then MLDv1 membership queries (and host reports) will be processed by this host, and backwards
compatibility will be enabled until the v1 'Older Version Querier Present' timer expires. This sysctl is normally enabled by default.
SEE ALSO
netstat(1), sourcefilter(3), icmp6(4), inet(4), multicast(4), ifmcstat(8)
HISTORY
The mld manual page appeared in FreeBSD 8.0.
BSD April 8, 2013 BSD
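
The query handling that net.inet6.mld.gsrdelay guards, as an added example (not FreeBSD's kernel code and not part of the manual page): it classifies an MLD query from its raw ICMPv6 bytes using the RFC 3810 length and source-count rules, then models the drop of repeated GSR queries inside the threshold. The function names, the gate structure and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MLD_LISTENER_QUERY 130 /* ICMPv6 type for MLD queries (RFC 3810) */
enum mld_qkind { NOT_QUERY, MALFORMED, V1_QUERY, V2_GENERAL, V2_GROUP, V2_GSR };

/* Classify an ICMPv6 message body, starting at the ICMPv6 type octet. */
enum mld_qkind classify_mld_query(const uint8_t *p, size_t len)
{
    static const uint8_t unspecified[16]; /* :: means "all groups" */
    if (len < 1 || p[0] != MLD_LISTENER_QUERY) return NOT_QUERY;
    if (len == 24) return V1_QUERY;       /* MLDv1 queries are exactly 24 octets */
    if (len < 28) return MALFORMED;       /* MLDv2 queries are at least 28 */
    size_t nsrc = ((size_t)p[26] << 8) | p[27];
    if (len < 28 + 16 * nsrc) return MALFORMED; /* source list is truncated */
    int all_groups = memcmp(p + 8, unspecified, 16) == 0;
    if (nsrc == 0) return all_groups ? V2_GENERAL : V2_GROUP;
    return all_groups ? MALFORMED : V2_GSR; /* sources without a group: rejected here */
}

/* Model of the gsrdelay gate: one GSR query per threshold, the rest dropped. */
struct gsr_gate { long last; int seen; };
int gsr_accept(struct gsr_gate *g, long now, long gsrdelay)
{
    if (g->seen && now - g->last < gsrdelay) return 0; /* drop */
    g->last = now;
    g->seen = 1;
    return 1; /* process */
}

/* Constructed sample: MLDv2 query, optionally for ff3e::1234, with nsrc zeroed sources. */
size_t make_v2_query(uint8_t *buf, int with_group, unsigned nsrc)
{
    size_t len = 28 + 16 * (size_t)nsrc;
    memset(buf, 0, len);
    buf[0] = MLD_LISTENER_QUERY;
    if (with_group) { buf[8] = 0xff; buf[9] = 0x3e; buf[22] = 0x12; buf[23] = 0x34; }
    buf[26] = (uint8_t)(nsrc >> 8);
    buf[27] = (uint8_t)nsrc;
    return len;
}

int main(void)
{
    uint8_t pkt[28 + 16 * 2];
    struct gsr_gate gate = {0, 0};
    size_t len = make_v2_query(pkt, 1, 2);
    for (long t = 0; t <= 12; t += 4) /* constructed arrival times, seconds */
        if (classify_mld_query(pkt, len) == V2_GSR)
            printf("t=%ld GSR query %s\n", t, gsr_accept(&gate, t, 10) ? "processed" : "dropped");
    return 0;
}
```

Only the GSR branch allocates per-source state on a host, which is why the gate sits behind the classifier rather than in front of every query.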