Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:691
HistorySep 18, 2000 - 12:00 a.m.

Cisco CDP attacks

2000-09-1800:00:00
vulners.com
70

Folks,

when playing around with CDP, I discovered several interesting things.
Due the leak of Cisco hardware around here, I ask you for your
expiriences. Details as follows:

Program: http://www.phenoelit.de/irpas/cdp.c

Known effekts:
-IOS 11.1(1):

  • when flooding the cisco with random deviceID updates, it reloads
    after 3 or 4 packets
    without even sending a "TRACE" log entry
  • DeviceIDs longer then something around 1000 bytes are recognized as
    already known
    -other IOS (tested on 11.1(24),11.2(x))
  • when flooding the cisco with random deviceID updates, it fills up all
    the memory
  • when memory is filled up, box does not accept any future telnet
    sessions or anything else
    which requires memory and crashes some times
  • when user does "debug cdp packets", the system reloads after several
    lines of output due
    the fact that the deviceID is not printable (guess)
  • DeviceIDs longer then something around 1000 bytes are NOT recognized
    as already known

Regards,
FX


dev <dev@phenoelit.de>
Phenoelit (http://www.phenoelit.de)