Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
# 1  
Old 04-10-2008
S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages. The risk is LOW. Successful exploitation of the vulnerability can result in the creation of extra multicast states on the core routers or the leaking of multicast traffic from one MPLS VPN to another.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Solaris

Cisco IOS VPN server IKE

How do I tell if Cisco IOS VPN server IKE is running on my solaris 10 system (1 Reply)
Discussion started by: pgsanders
1 Replies

2. Shell Programming and Scripting

Need help on ssh login script to cisco ios

I'm trying to write a login script to ssh into a cisco switch that will run some command remotely. Similar to this expect script located here: SSH login expect shell script to supply username and password However, that script does not work with cisco ios. Anyway know what the best way to... (1 Reply)
Discussion started by: streetfighter2
1 Replies

3. Linux

How to multicast on different IP network

On Linux, I have configured two different IP address for two network device eth0 ,eth1 , in my program, I want to multicast differently on these two network, I know it must add route for single network and I try to config another route for second network,but it can not work correctly, how to config... (0 Replies)
Discussion started by: Frank2004
0 Replies

4. IP Networking

private network to private network gateway

i have one private network with one ip address, and i have a seperate network on a seperate ip address. now, each network is behind a firewall/router. now what i want to do is be able to access one server on the second network from a computer on the first., but with the private ip address, (this... (2 Replies)
Discussion started by: norsk hedensk
2 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

fwb_iosacl

fwb_pix(1)							 Firewall Builder							fwb_pix(1)

NAME

       fwb_ipt - Policy compiler for Cisco IOS ACL

SYNOPSIS

       fwb_iosacl [-vV] [-d wdir] [-4] [-6] [-i] -f data_file.xml object_name

DESCRIPTION

       fwb_iosacl  is  firewall  policy compiler component of Firewall Builder (see fwbuilder(1)). Compiler reads objects definitions and firewall
       description from the data file specified with "-f" option and generates resultant Cisco IOS ACL configuration file.  The  configuration	is
       written	to  the  file  with the name the same as the name of the firewall object, plus extension ".fw". Compiler generates extended access
       lists for Cisco routers running IOS v12.x using "ip access-list <name>" syntax. Compiler  also  generates  "ip  access-group"  commands	to
       assign  access  lists  to interfaces. Generated ACL configuration can be uploaded to the router manually or using built-in installer in the
       fwbuilder(1) GUI.

       The data file and the name of the firewall objects must be specified on the command line. Other command line parameters are optional.

OPTIONS

       -4     Generate iptables script for IPv4 part of the policy. If any rules of the firewall refer to IPv6 addresses, compiler will skip these
	      rules.   Options	"-4"  and  "-6"  are  exclusive.  If  neither option is used, compiler tries to generate both parts of the script,
	      although generation of the IPv6 part is controlled by the option "Enable IPv6 support" in the "IPv6"  tab  of  the  firewall  object
	      advanced settings dialog.  This option is off by default.

       -6     Generate iptables script for IPv6 part of the policy. If any rules of the firewall refer to IPv6 addresses, compiler will skip these
	      rules.

       -f FILE
	      Specify the name of the data file to be processed.

       -d wdir
	      Specify working directory. Compiler creates file with ACL configuration in this directory.  If this parameter is missing, then  gen-
	      erated ACL will be placed in the current working directory.

       -v     Be verbose: compiler prints diagnostic messages when it works.

       -V     Print version number and quit.

       -i     When this option is present, the last argument on the command line is supposed to be firewall object ID rather than its name

URL

       Firewall Builder home page is located at the following URL: http://www.fwbuilder.org/

BUGS

       Please report bugs using bug tracking system on SourceForge:

       http://sourceforge.net/tracker/?group_id=5314&atid=105314

SEE ALSO

       fwbuilder(1), fwb_pix(1), fwb_ipfw(1), fwb_ipf(1), fwb_ipt(1) fwb_pf(1)

FWB
																	fwb_pix(1)