BUGTRAQ ID: 33975
CVE(CAN) ID: CVE-2009-0619
会话边界控制器(SBC)是位于网络边界的多媒体设备,控制到该网络的呼叫准入。
Cisco SBC中存在漏洞,未经认证的攻击者可以通过在2000端口上发送特制的TCP报文导致Cisco SBC卡重载。反复攻击可导致持续的拒绝服务情况。
Cisco Session Border Controller 3.0(1)
临时解决方法:
* 在RP的信令/媒体VLAN配置ACL。以下示例显示如何将VLAN 140配置为信令/媒体VLAN。
Cisco SBC配置
interface vlan 140
ip address 10.140.1.90 255.255.255.0
alias 10.140.1.100 255.255.255.0
peer ip address 10.140.1.8 255.255.255.0
!
ft interface vlan 77
ip address 192.168.1.1 255.255.255.0
peer ip address 192.168.1. 255.255.255.0
RP配置
!- ACL blocking all TCP port 2000 traffic to the 10.140.1.0 internal network
!
access-list 100 deny tcp any host 10.140.1.100 eq 2000
access-list 100 permit ip any any
!
interface Vlan140
ip address 10.140.1.1 255.255.255.0
!- ACL is applied to the VLAN interface to egress traffic
ip access-group 100 out
!
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20090304-sbc)以及相应补丁:
cisco-sa-20090304-sbc:Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
链接:<a href=http://www.cisco.com/warp/public/707/cisco-sa-20090304-sbc.shtml target=_blank rel=external nofollow>http://www.cisco.com/warp/public/707/cisco-sa-20090304-sbc.shtml</a>
补丁下载:
<a href=http://www.cisco.com/pcgi-bin/tablebuild.pl/sbc-7600-crypto target=_blank rel=external nofollow>http://www.cisco.com/pcgi-bin/tablebuild.pl/sbc-7600-crypto</a>
京公网安备 11010502034610号
暂无评论