Anyone aware of any issues with filtering destination UDP/0 at ingress
points on IOS XR?
We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
need arises.
UDP/0 is a well-known vector for this sort of attack. However, what I'm
seeing is that packets seem to be getting past our ACLs even though we
are explicitly denying them.
"hardware counters" seem to corroborate that we're getting matches.
... and yet we're still seeing the traffic beyond the ingress.
Curious if anyone else has seen this.
Our egress-facing interface is a BE, if it matters ...
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
