Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Cisco sgbp DoS SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco sgbp DoS

Cisco published a report about a DoS condition on some of their routers.

It is situated in the Stack Group Bidding Protocol (sgbp) wich is used to enable bandwidth on demand using Multilink PPP (MLP).

Full details at cisco

To summarize:

  • Not vulnerable if the router does not support sgbp or if it is not configured (so #show sgbp should give no output or a syntax error message).
  • Workarounds are listed with ACLs to protect UDP/9900 on the affected routers.
  • Upgrade to fix it
  • Traffic to UDP/9900 might now be DoS attempts.
--
Swa Frantzen
Swa

760 Posts
Jan 18th 2006

Sign Up for Free or Log In to start participating in the conversation!