On 2/8/19 1:57 PM, Gert Doering wrote:
> Hi,
>
> On Fri, Feb 08, 2019 at 01:38:12PM -0600, Bryan Holloway wrote:
>> Anyone aware of any issues with filtering destination UDP/0 at ingress
>> points on IOS XR?
>>
>> We're running 5.3.4 SP8 and have telemetries to help us RTBH when the
>> need arises.
>>
>> UDP/0 is a well-known vector for this sort of attack. However, what I'm
>> seeing is that packets seem to be getting past our ACLs even though we
>> are explicitly denying them.
>
> Not sure if you actually see "UDP/0" or "fragments".
>
> If our netflow data reports "UDP/0", XR will match on "fragments"...
>
> gert


I suspect you are right. Saku made the same suggestion off-line.

I'm going down that path now to see if that's what's actually happening.

Thank you!

                - bryan
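The point Gert raises, modelled in Python as an added example (not code from the thread or from Cisco): non-initial IPv4 fragments carry no UDP header, so a flow exporter reports them as UDP/0, while a port-based ACE has nothing to test and only an ACE with the `fragments` keyword catches them. Packet contents, addresses and the ACE helpers are constructed; the match rules follow Cisco's documented ACL fragment handling (L4 ACEs skip non-initial fragments, `fragments` matches only them).

```python
import struct

UDP = 17

def build_ipv4(payload: bytes, frag_offset: int, more_frags: bool) -> bytes:
    """Constructed minimal IPv4 packet, protocol UDP. frag_offset is in 8-byte units.
    Header checksum is left at 0 because nothing here verifies it."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, 64, UDP, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def classify(pkt: bytes) -> dict:
    """Decode the IPv4 header and report what a NetFlow exporter would see."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    frag_offset = flags_frag & 0x1FFF
    non_initial = frag_offset != 0              # no L4 header present
    is_fragment = non_initial or bool(flags_frag & 0x2000)
    if proto == UDP and not non_initial:
        _, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    else:
        dport = 0                               # exporter fills in port 0
    return {"proto": proto, "dport": dport, "fragment": is_fragment,
            "non_initial": non_initial}

def ace_udp_eq_0(pkt: bytes) -> bool:
    """Models 'deny udp any any eq 0': an L4 test applies only to packets that
    actually carry a UDP header, so non-initial fragments are skipped."""
    c = classify(pkt)
    return c["proto"] == UDP and not c["non_initial"] and c["dport"] == 0

def ace_udp_fragments(pkt: bytes) -> bool:
    """Models 'deny udp any any fragments': matches non-initial fragments only."""
    c = classify(pkt)
    return c["proto"] == UDP and c["non_initial"]

# Constructed sample: a first fragment (UDP/53, MF set) and a later fragment of
# the same datagram (offset 185 * 8 bytes, no UDP header at all).
FIRST_FRAG = build_ipv4(struct.pack("!HHHH", 40000, 53, 1480, 0) + b"A" * 8, 0, True)
LATER_FRAG = build_ipv4(b"B" * 32, 185, False)

if __name__ == "__main__":
    for name, pkt in (("first", FIRST_FRAG), ("later", LATER_FRAG)):
        print(name, classify(pkt), "eq 0:", ace_udp_eq_0(pkt),
              "fragments:", ace_udp_fragments(pkt))
```

Running it shows the later fragment reported as UDP/0 and untouched by the `eq 0` ACE, which is the gap Gert describes.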
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
