Hi, On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote: > Anyone aware of any issues with filtering destination UDP/0 at ingress > points on IOS XR? > > We're running 5.3.4 SP8 and have telemetries to help us RTBH when the > need arises. > > UDP/0 is a well-known vector for this sort of attack. However, what I'm > seeing is that packets seem to be getting past our ACLs even though we > are explicitly denying them.
Not sure if you actually see "UDP/0" or "fragments".
If our netflow data reports "UDP/0", XR will match on "fragments"...
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
