Posted on 2014-04-15
Medium Priority
Last Modified: 2014-04-15
I'm running a vulnerability scan on my Cisco router and it has told me that the router is responding with a UDP packet whose IP ID was zero. I'm not certain what this means but I'd like to eliminate the message by patching the hole. However I can't find anything online telling me how to do it. Does anyone know?
Question by:Russ Suter
LVL 28

Accepted Solution

asavener earned 2000 total points
ID: 40002194
This is not a vulnerability, or attack vector, but it is related to the ability to fingerprint the operating system running on a network device.

First option is to upgrade to the latest IOS version available for the router.  This may or may not eliminate the result.

Next option to to block or filter out any traffic that is not explicitly desired.  (In particular, I would recommend blocking traffic to the IP address of the router itself, unless such traffic is desired, such as management and ICMP traffic)

Final option is to just live with it, as most network scanners will detect it as Linux 2.4.x.

LVL 20

Author Closing Comment

by:Russ Suter
ID: 40002519
thanks for the information. Based upon that I can rule out the item on the report and justify it.

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Just after setting up Cloud PBX connectivity and migrated Skype users to SFBO, we noticed inbound calls not working but outbound calls would work.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question