S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak


 
04-10-2008

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages. The risk is LOW. Successful exploitation of the vulnerability can result in the creation of extra multicast states on the core routers or the leaking of multicast traffic from one MPLS VPN to another.

