apops March 2009

apops@apops.net

5 participants
23 discussions

Cisco Security Advisory: Cisco IOS Software Multiple Features IP Sockets Vulnerability
by Cisco Systems Product Security Incident Response Team 25 Mar '09

25 Mar '09

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Multiple Features IP Sockets Vulnerability Advisory ID: cisco-sa-20090325-ip http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml Revision 1.0 For Public Release 2009 March 25 1600 UTC (GMT) - --------------------------------------------------------------------- Summary ======= A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results: * The configured feature may stop accepting new connections or sessions. * The memory of the device may be consumed. * The device may experience prolonged high CPU utilization. * The device may reload. Cisco has released free software updates that address this vulnerability. Several mitigation strategies are outlined in the "Workarounds" section of this advisory. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml Note: The March 25, 2009, Cisco IOS Security Advisory bundled publication includes eight Security Advisories. All of the advisories address vulnerabilities in Cisco IOS Software. Each advisory lists the releases that correct the vulnerability or vulnerabilities in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published in Cisco Security Advisories on March 25, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090325-bundle.shtml Individual publication links are listed below: * Cisco IOS cTCP Denial of Service Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml * Cisco IOS Software Multiple Features IP Sockets Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml * Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml * Cisco IOS Software Secure Copy Privilege Escalation Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml * Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml * Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml * Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml * Cisco IOS Software WebVPN and SSLVPN Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml Affected Products ================= Vulnerable Products +------------------ Devices that are running affected versions of Cisco IOS Software and Cisco IOS XE Software are affected if they are running any of the following features. Details about confirming whether the affected feature is enabled on a device are in the "Details" section of this advisory. * Cisco Unified Communications Manager Express * SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport * Secure Signaling and Media Encryption * Blocks Extensible Exchange Protocol (BEEP) * Network Admission Control HTTP Authentication Proxy * Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass * Distributed Director with HTTP Redirects * DNS (TCP mode only) To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih <output truncated> The following example shows a product that is running Cisco IOS Software Release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team <output truncated> Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following product is not affected by this vulnerability: * Cisco IOS XR Software No other Cisco products or features configured in Cisco IOS or Cisco IOS XE Software are currently known to be affected by this vulnerability. Details ======== For successful exploitation of this vulnerability, the TCP three-way handshake must be completed to the associated TCP port number(s) for any of the features described in this section. Cisco Unified Communications Manager Express +------------------------------------------- The following configurations are vulnerable for different Cisco Unified Communications Manager Express services: A certificate authority proxy function (CAPF) server has been configured. The following example shows a vulnerable CAPF server configuration: capf-server auth-mode null-string cert-enroll-trustpoint root password 1 104D000A061843595F trustpoint-label cme_cert source-addr 10.0.0.1 The default TCP port used for CAPF server is 3804. Further information about CAPF-server is in the Cisco Unified Communications Manager Express System Administrator Guide at http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/gui… Telephony-service security parameters have been configured. If the telephony-service security parameters have been configured with "device-security-mode", the device is vulnerable. The following example shows three vulnerable configurations for telephony-service security parameters: ephone 1 device-security-mode encrypted ephone 2 device-security-mode authenticated ephone 3 device-security-mode none The TCP port used is defined with the "ip source-address <address> port <port-number>" telephony-service configuration command. Further information about Telephony-service security parameters is in the Cisco Unified Communications Manager Express System Administrator Guide at http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/gui… The global telephony-service or call-manager-fallback command has been configured. Any Cisco IOS configuration with the global "telephony-service" or "call-manager-fallback" command is vulnerable if any subcommands are in the telephony-service or call-manager-fallback configuration mode. The following examples show vulnerable configurations: telephony-service ip source-address 192.168.0.1 port 2011 or call-manager-fallback ip source-address 192.168.0.1 port 2011 The TCP port used is defined with the "ip source-address <address> port <port-number>" configuration command. Further information about telephony service and call-manager-fallback is in the Cisco Unified Communications Manager Express System Administrator Guide at http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/gui… SIP Gateway Signaling Support over TLS Transport +---------------------------------------------- Note: For customers with devices enabled with SIP, also consult the document "Cisco Security Advisory: Cisco IOS Session Initiation Protocol Denial of Service Vulnerability" at the following link http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.html Devices that are configured for SIP gateway signaling support over TLS transport are vulnerable. The following examples show vulnerable configurations: voice service voip sip session transport tcp tls url sips - -- or -- dial-peer voice 3456 voip voice-class sip url sips session protocol sipv2 session transport tcp tls For the SIP gateway signaling support over TLS transport to function correctly, administrators must first configure a trustpoint using the following configuration: sip-ua crypto signaling default trustpoint example_trustpoint_name The default TCP port used for the SIP gateway signaling support over TLS transport feature is 5061. Further information about Cisco IOS SIP gateway signaling support over TLS transport is in the Cisco IOS Software Release 12.4T feature guide at http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/FeatTLS.html Secure Signaling and Media Encryption +------------------------------------ A device is vulnerable if it is configured with the Media and Signaling Encryption (SRTP/TLS) on DSP Farm Conferencing feature or with Secure Signaling and Media Encryption for analog phones with Skinny Call Control Protocol (SCCP). The following examples show three different vulnerable secure DSP farm configurations. Several other parts are required for a full configuration, such as certificates and SCCP configuration, but these parts have been excluded for brevity. dspfarm profile 2 transcode security trustpoint 2851ClientMina codec g711ulaw codec g711alaw codec g729ar8 codec g729abr8 codec gsmfr codec g729r8 codec g729br8 maximum sessions 3 associate application SCCP dspfarm profile 3 conference security trustpoint sec2800-cfb codec g711ulaw codec g711alaw codec g729ar8 codec g729abr8 codec g729r8 codec g729br8 maximum sessions 2 associate application SCCP dspfarm profile 5 mtp security trustpoint 2851ClientMina codec g711alaw maximum sessions hardware 1 associate application SCCP The default TCP port used for the Media and Signaling Encryption on DSP Farm Conferencing feature is 2443. Further information about the Media and Signaling Encryption on DSP Farm Conferencing feature is in the "Cisco IOS Software Release 12.4 Special and Early Deployments feature guide" at the following link http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/itsdsp.html The following output shows the relevant section of Secure Signaling and Media Encryption for analog phones and is a vulnerable configuration (Several other parts are required for a full configuration, such as certificates, SCCP configuration, and dial peers): !--- The following lines show SCCP Telephony Control Application !--- (STCAPP) security enabled at the system level: stcapp ccm-group 1 stcapp security trustpoint analog stcapp security mode encrypted stcapp <-- output removed for brevity --> dial-peer voice 5002 pots service stcapp !--- The following line shows the security mode configured on the !--- dial peer. security mode authenticated port 2/1 The default TCP port used for Media and Signaling Encryption for analog phones is 2443. Further information about Media and Signaling Encryption for analog phones is in the "Supplementary Services Features for FXS Ports on Cisco IOS Voice Gateways Configuration Guide, Release 12.4T" at the following link http://www.cisco.com/en/US/docs/ios/voice/fxs/configuration/guide/fsxsecur.… Blocks Extensible Exchange Protocol +---------------------------------- Any configuration or executable command that leverages Blocks Extensible Exchange Protocol (BEEP) as a transport protocol is vulnerable. The following example shows the vulnerable configuration of the feature NETCONF over BEEP. NETCONF over BEEP using SASL is also vulnerable. crypto key generate rsa general-keys crypto pki trustpoint my_trustpoint enrollment url http://10.2.3.3:80 subject-name CN=dns_name_of_host.com revocation-check none crypto pki authenticate my_trustpoint crypto pki enroll my_trustpoint line vty 0 15 netconf lock-time 60 netconf max-sessions 16 netconf beep initiator host1 23 user my_user password my_password encrypt my_trustpoint reconnect-time 60 netconf beep listener 23 sasl user1 encrypt my_trustpoint The TCP port used is defined with the "netconf beep initiator" and "netconf beep listener" configuration commands. Further information about NETCONF over BEEP is in the "Cisco IOS Software Release 12.4T feature guide" at the following link http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htnetbe.html#wp1049404 The BEEP executable commands "bingd" and "bingng" could cause this vulnerability to be triggered when they are invoked. The following shows an example of these commands being executed: bingng device 192.168.0.1 23 bingd device 23 Network Admission Control HTTP Authentication Proxy +-------------------------------------------------- Devices configured with Network Admission Control HTTP Authentication Proxy are vulnerable. For the device to be vulnerable the authentication proxy rule must exist and be applied to an interface. The following configuration creates an authentication proxy rule. ip admission name example-ap-rule-name proxy http The following configuration attaches the authentication proxy rule (created in the previous example) to an interface. interface GigabitEthernet 0/0 ip admission example-ap-rule-name The default TCP port used for Network Admission Control HTTP Authentication Proxy is 80. Further information about Network Admission Control HTTP Authentication Proxy is in the "Cisco IOS Security Configuration Guide, Release 12.4" at the following link http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_net_ad… Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass +---------------------------------------------------------------------- Devices that have URL redirect feature configured are vulnerable. URL redirect is supported for EAP over UDP (EAPoUDP), Dot1x and MAC Authentication Bypass (MAB) authentication mechanisms. The URL redirect configuration can either be on the server or set up as part of a locally defined profile or policy. Both configurations are vulnerable. A device is vulnerable with either of the following configurations. URL Redirect Feature Enabled for EAPoUDP +--------------------------------------- The URL redirect feature is enabled for EAPoUDP with the following global configuration command: ip admission name <EAPoUDP-rule-name> eapoudp The following configuration attaches the EAPoUDP rule (created in the previous example) to an interface. ip admission name <EAPoUDP-rule-name> URL Redirect Feature Enabled for Dot1x and MAB +--------------------------------------------- The URL redirect feature for both Dot1x and MAB are vulnerable and will have a URL redirect AV pair on the RADIUS server defined in a method that is similar to the following: url-redirect="http://example.com" url-redirect="urlacl" For the Dot1x and MAB URL redirect feature to work successfully on the switch, the minimum following configuration would also be required. There is no interface-specific configuration for URL redirect. Basically the interface has to be configured for Dot1x/MAB. ip http {server | secure-server} ip device tracking The default TCP port used for per-user URL redirect for EAPoUDP, Dot1x, and MAB is 80 and 443. Further information about per-user URL redirect for EAPoUDP, Dot1x, and MAB is in the "Catalyst 4500 Series Switch Software Configuration Guide, 12.2(50)SG" at the following link http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configu… Distributed Director with HTTP Redirects +--------------------------------------- A device is vulnerable if Distributed Director is configured with HTTP redirects. The following example shows a vulnerable configuration: ip director ip-address 192.168.0.1 The default TCP port used for distributed director with HTTP redirect is 53. Further information about Distributed Director with HTTP redirects is in "Distributed Director Configuration Example Overview" at the following link http://www.cisco.com/en/US/products/hw/contnetw/ps813/products_tech_note091… DNS +-- Devices that are configured with the Cisco IOS DNS feature are vulnerable. A pure DNS over UDP implementation is not vulnerable. See the "Workarounds" section of this advisory for information about filtering DNS over TCP traffic to the device. If any of the commands in the following example appear in the device configuration, the device is vulnerable: ip dns server ip dns primary example.com soa www.example.com admin(a)example.com ip dns spoofing 192.168.0.1 The default TCP port used for DNS is 53. Further information about Cisco IOS DNS is in the "Cisco IOS IP Addressing Services Configuration Guide, Release 12.4" at the following link http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_d… This vulnerability is documented in the following Cisco Bug ID: CSCsm27071 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifiers CVE-2009-0630. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsm27071: Cisco IOS Software Multiple Features IP Sockets CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in the any of the following occurring: * The configured feature may stop accepting new connections or sessions. * The memory of the device may be consumed. * The device may experience prolonged high CPU utilization. * The device may reload. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0 | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0DA | Vulnerable; first fixed in 12.2DA | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0DB | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0DC | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.0S | 12.0(32)S12 | 12.0(32)S12 | |------------+-------------------------------------+----------------| | 12.0SC | Vulnerable; first fixed in 12.0S | 12.0(32)S12 | |------------+-------------------------------------+----------------| | 12.0SL | Vulnerable; first fixed in 12.0S | 12.0(32)S12 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0SP | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.0ST | Vulnerable; first fixed in 12.0S | 12.0(32)S12 | |------------+-------------------------------------+----------------| | 12.0SX | Vulnerable; first fixed in 12.0S | 12.0(32)S12 | |------------+-------------------------------------+----------------| | 12.0SY | 12.0(32)SY8 | 12.0(32)SY8 | |------------+-------------------------------------+----------------| | 12.0SZ | Vulnerable; first fixed in 12.0S | 12.0(32)S12 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0T | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.0W | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.0WC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.0WT | Not Vulnerable | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XA | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XB | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XC | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XD | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XE | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.0XF | Not Vulnerable | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XG | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XH | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | Releases prior to 12.0(4)XI2 are | 12.4(18e) | | | vulnerable, release 12.0(4)XI2 and | | | 12.0XI | later are not vulnerable; first | 12.4(23a); | | | fixed in 12.4 | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XJ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XK | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XL | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XM | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XN | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XQ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XR | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XS | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XT | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.0XV | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1 | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.1AA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.1AX | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | | | 12.1(22)EA13 | | 12.1AY | Vulnerable; first fixed in 12.1EA | | | | | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | | | 12.1(22)EA13 | | 12.1AZ | Vulnerable; first fixed in 12.1EA | | | | | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.1CX | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1DA | Vulnerable; first fixed in 12.2DA | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.1DB | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.1DC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.1E | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | 12.1EA | 12.1(22)EA13 | 12.1(22)EA13 | |------------+-------------------------------------+----------------| | 12.1EB | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.2(33)SCB1 | | 12.1EC | Vulnerable; first fixed in 12.3BC | | | | | 12.3(23)BC6 | |------------+-------------------------------------+----------------| | 12.1EO | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.1EU | Vulnerable; first fixed in 12.2SG | 12.2(31)SGA9 | |------------+-------------------------------------+----------------| | 12.1EV | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.1EW | Vulnerable; migrate to 12.2SGA | | |------------+-------------------------------------+----------------| | 12.1EX | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.1EY | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.1EZ | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1GA | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1GB | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1T | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XA | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XB | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XC | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XD | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XE | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XF | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XG | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XH | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XI | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XJ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XL | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XM | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XP | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XQ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XR | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XS | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XT | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XU | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XV | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XW | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XX | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XY | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1XZ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1YA | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1YB | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1YC | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1YD | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | Releases prior to 12.1(5)YE6 are | 12.4(18e) | | | vulnerable, release 12.1(5)YE6 and | | | 12.1YE | later are not vulnerable; first | 12.4(23a); | | | fixed in 12.4 | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1YF | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.1YH | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.1YI | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.1(22)EA13 | | 12.1YJ | Vulnerable; first fixed in 12.1EA | | | | | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2 | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.2B | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to 12.2SCB1 or | 12.2(33)SCB1 | | 12.2BC | 12.3BC | | | | | 12.3(23)BC6 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2BW | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.2BX | Vulnerable; migrate to 12.2SB4 | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2BY | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2BZ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to 12.2SCB or | 12.2(33)SCB1 | | 12.2CX | 12.3BC | | | | | 12.3(23)BC6 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to 12.2SCB or | 12.2(33)SCB1 | | 12.2CY | 12.3BC | | | | | 12.3(23)BC6 | |------------+-------------------------------------+----------------| | 12.2CZ | Vulnerable; first fixed in 12.2SB | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | 12.2(12)DA14; Available on | | | 12.2DA | 30-JUL-2009 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2DD | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2DX | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.2EW | Vulnerable; first fixed in 12.2SG | 12.2(31)SGA9 | |------------+-------------------------------------+----------------| | 12.2EWA | Vulnerable; first fixed in 12.2SG | 12.2(31)SGA9 | |------------+-------------------------------------+----------------| | 12.2EX | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2EY | 12.2(44)EY | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2EZ | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2FX | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2FY | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2FZ | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | | | 12.2(33)SRC4; | | 12.2IRA | Vulnerable; first fixed in 12.2SRC | Available on | | | | 18-MAY-2009 | |------------+-------------------------------------+----------------| | | | 12.2(33)SRC4; | | 12.2IRB | Vulnerable; first fixed in 12.2SRC | Available on | | | | 18-MAY-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to any release | 12.2(18)IXH; | | 12.2IXA | in 12.2IXH | Available on | | | | 31-MAR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to any release | 12.2(18)IXH; | | 12.2IXB | in 12.2IXH | Available on | | | | 31-MAR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to any release | 12.2(18)IXH; | | 12.2IXC | in 12.2IXH | Available on | | | | 31-MAR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to any release | 12.2(18)IXH; | | 12.2IXD | in 12.2IXH | Available on | | | | 31-MAR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to any release | 12.2(18)IXH; | | 12.2IXE | in 12.2IXH | Available on | | | | 31-MAR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to any release | 12.2(18)IXH; | | 12.2IXF | in 12.2IXH | Available on | | | | 31-MAR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to any release | 12.2(18)IXH; | | 12.2IXG | in 12.2IXH | Available on | | | | 31-MAR-2009 | |------------+-------------------------------------+----------------| | 12.2JA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.2JK | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2MB | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.2MC | 12.2(15)MC2m | 12.2(15)MC2m | |------------+-------------------------------------+----------------| | 12.2S | Vulnerable; first fixed in 12.2SB | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | | 12.2(31)SB14 | | | | | | | 12.2SB | 12.2(33)SB1 | 12.2(33)SB4 | | | | | | | 12.2(28)SB13 | | |------------+-------------------------------------+----------------| | 12.2SBC | Vulnerable; first fixed in 12.2SB | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | 12.2SCA | 12.2(33)SCA2 | 12.2(33)SCB1 | |------------+-------------------------------------+----------------| | 12.2SCB | Not Vulnerable | | |------------+-------------------------------------+----------------| | | 12.2(50)SE | | | | | | | 12.2SE | 12.2(46)SE2 | 12.2(44)SE6 | | | | | | | 12.2(44)SE5 | | |------------+-------------------------------------+----------------| | 12.2SEA | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2SEB | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2SEC | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2SED | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2SEE | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2SEF | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | 12.2SEG | Vulnerable; first fixed in 12.2SE | 12.2(44)SE6 | |------------+-------------------------------------+----------------| | | | 12.2(52)SG; | | 12.2SG | 12.2(50)SG | Available on | | | | 15-MAY-2009 | |------------+-------------------------------------+----------------| | 12.2SGA | 12.2(31)SGA9 | 12.2(31)SGA9 | |------------+-------------------------------------+----------------| | 12.2SL | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.2SM | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SO | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SQ | Not Vulnerable | | |------------+-------------------------------------+----------------| | | | 12.2(33)SRC4; | | 12.2SRA | Vulnerable; first fixed in 12.2SRC | Available on | | | | 18-MAY-2009 | |------------+-------------------------------------+----------------| | | | 12.2(33)SRB5a; | | | | Available on | | | | 3-April-2009 | | 12.2SRB | Vulnerable; first fixed in 12.2SRC | | | | | 12.2(33)SRC4; | | | | Available on | | | | 18-MAY-2009 | |------------+-------------------------------------+----------------| | | | 12.2(33)SRC4; | | 12.2SRC | 12.2(33)SRC1 | Available on | | | | 18-MAY-2009 | |------------+-------------------------------------+----------------| | 12.2SRD | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.2STE | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.2SU | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.2SV | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SVA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SVC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SVD | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SVE | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SW | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2SX | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | 12.2SXA | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | 12.2SXB | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | 12.2SXD | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | 12.2SXE | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | 12.2SXF | 12.2(18)SXF16 | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | | 12.2(33)SXH5; Available on | 12.2(33)SXH5; | | 12.2SXH | 20-APR-2009 | Available on | | | | 20-APR-2009 | |------------+-------------------------------------+----------------| | 12.2SXI | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.2SY | Vulnerable; first fixed in 12.2SB | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | 12.2SZ | Vulnerable; first fixed in 12.2SB | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2T | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.2TPC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XA | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XB | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XC | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XD | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XE | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | Vulnerable; migrate to 12.2SCB or | 12.2(33)SCB1 | | 12.2XF | 12.3BC | | | | | 12.3(23)BC6 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XG | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XH | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XI | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XJ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XK | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XL | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XM | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.2(33)SB4 | | 12.2XN | Vulnerable; first fixed in 12.2SRC | | | | | 12.2(33)SRD1 | |------------+-------------------------------------+----------------| | 12.2XNA | Vulnerable; migrate to any release | 12.2(33)SRD1 | | | in 12.2SRD | | |------------+-------------------------------------+----------------| | 12.2XNB | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.2XNC | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.2XO | 12.2(46)XO | 12.2(46)XO | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XQ | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XR | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XS | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XT | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XU | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XV | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2XW | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2YA | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.2YB | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YD | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YE | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YF | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YG | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YH | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YJ | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YK | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YL | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.2YM | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.2YN | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YO | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2YP | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.2YQ | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YR | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YS | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.2YT | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YU | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YV | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YW | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YX | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YY | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2YZ | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2ZA | Vulnerable; first fixed in 12.2SXF | 12.2(18)SXF16 | |------------+-------------------------------------+----------------| | 12.2ZB | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2ZC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2ZD | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2ZE | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.2ZF | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.2ZG | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.2ZH | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.2ZJ | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2ZL | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2ZP | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.2(33)SXH5; | | 12.2ZU | Vulnerable; first fixed in 12.2SXH | Available on | | | | 20-APR-2009 | |------------+-------------------------------------+----------------| | 12.2ZX | Vulnerable; first fixed in 12.2SB | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | 12.2ZY | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.2ZYA | 12.2(18)ZYA1 | 12.2(18)ZYA1 | |------------+-------------------------------------+----------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.3 | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3B | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3BC | 12.3(23)BC6 | 12.3(23)BC6 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3BW | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3EU | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.3JA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.3JEA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.3JEB | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.3JEC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3JK | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3JL | Vulnerable; first fixed in 12.4JK | | |------------+-------------------------------------+----------------| | 12.3JX | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3T | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3TPC | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.3VA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.3XA | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.3XB | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XC | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XD | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.3XE | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.3XF | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XG | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3XI | Vulnerable; first fixed in 12.2SB | 12.2(33)SB4 | |------------+-------------------------------------+----------------| | 12.3XJ | Vulnerable; first fixed in 12.3YX | 12.3(14)YX14 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XK | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XL | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XQ | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(18e) | | | | | | 12.3XR | Vulnerable; first fixed in 12.4 | 12.4(23a); | | | | Available on | | | | 30-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XS | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XU | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3XW | Vulnerable; first fixed in 12.3YX | 12.3(14)YX14 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XX | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XY | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3XZ | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YA | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YD | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3YF | Vulnerable; first fixed in 12.3YX | 12.3(14)YX14 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YG | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YH | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YI | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YJ | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YK | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3YM | 12.3(14)YM13 | 12.3(14)YM13 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YQ | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YS | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YT | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3YU | Vulnerable; first fixed in 12.4XB | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.3YX | 12.3(14)YX14 | 12.3(14)YX14 | |------------+-------------------------------------+----------------| | 12.3YZ | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.3ZA | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+-------------------------------------+----------------| | | 12.4(19) | 12.4(18e) | | | | | | 12.4 | 12.4(18a) | 12.4(23a); | | | | Available on | | | 12.4(23a); Available on 30-APR-2009 | 30-APR-2009 | |------------+-------------------------------------+----------------| | 12.4JA | 12.4(16b)JA1 | | |------------+-------------------------------------+----------------| | 12.4JDA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.4JK | 12.4(3)JK4 | | |------------+-------------------------------------+----------------| | 12.4JL | 12.4(3)JL1 | | |------------+-------------------------------------+----------------| | 12.4JMA | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.4JMB | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.4JX | Vulnerable; first fixed in 12.4JA | | |------------+-------------------------------------+----------------| | 12.4MD | 12.4(11)MD7 | 12.4(11)MD7 | |------------+-------------------------------------+----------------| | 12.4MR | 12.4(19)MR | 12.4(19)MR2 | |------------+-------------------------------------+----------------| | 12.4SW | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | | 12.4(20)T | 12.4(22)T1 | | | | | | 12.4T | 12.4(15)T8 | 12.4(15)T9; | | | | Available on | | | 12.4(15)T9; Available on | 29-APR-2009 | | | 29-APR-2009 | | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XA | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | 12.4(15)T8 | | | 12.4XB | | 12.4(15)T9; | | | 12.4(20)T | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XC | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | 12.4(4)XD12; Available on | 12.4(4)XD12; | | 12.4XD | 27-MAR-2009 | Available on | | | | 27-MAR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XE | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XF | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XG | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XJ | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XK | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.4XL | 12.4(15)XL4 | 12.4(15)XL4 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XM | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.4XN | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.4XP | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.4XQ | 12.4(15)XQ2 | 12.4(15)XQ2 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XR | 12.4(15)XR4 | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XT | Vulnerable; first fixed in 12.4T | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.4XV | Vulnerable; contact TAC | | |------------+-------------------------------------+----------------| | 12.4XW | 12.4(11)XW10 | 12.4(11)XW10 | |------------+-------------------------------------+----------------| | | | 12.4(22)T1 | | | | | | 12.4XY | 12.4(15)XY4 | 12.4(15)T9; | | | | Available on | | | | 29-APR-2009 | |------------+-------------------------------------+----------------| | 12.4XZ | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.4YA | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.4YB | Not Vulnerable | | |------------+-------------------------------------+----------------| | 12.4YD | Not Vulnerable | | +-------------------------------------------------------------------+ Workarounds =========== The following mitigations have been identified for this vulnerability: Infrastructure Access Control Lists +---------------------------------- Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks. Infrastructure Access Control Lists (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for these specific vulnerabilities. The iACL example below should be included as part of the deployed infrastructure access-list which will protect all devices with IP addresses in the infrastructure IP address range: !--- Only sections pertaining to features enabled on the device !--- need be configured. !--- !--- Feature: Cisco Unified Communications Manager Express !--- !--- CAPF server configuration !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 3804 !--- !--- Telephony-Service configuration !--- The TCP port is as per the ip source-address !--- <ip-address> port <port-number> telephony !--- service configuration command. Example below 2999 !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 2999 !--- !--- Deny Cisco Unified Communications Manager Express traffic !--- from all other sources destined to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 3804 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 2999 !--- !--- Feature: SIP Gateway Signaling Support Over TLS Transport !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 5061 !--- Deny SIP Gateway Signaling Support Over TLS Transport !--- traffic from all other sources destined to infrastructure !--- addresses. access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 5061 !--- !--- Feature: Secure Signaling and Media Encryption !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 2443 !--- Deny Secure Signaling and Media Encryption traffic from all !--- other sources destined to infrastructure addresses. access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 2443 !--- !--- Feature: Blocks Extensible Exchange Protocol (BEEP) !--- The TCP port used is defined with the netconf beep initiator !--- and netconf beep listener configuration !--- commands. This example uses 3001 !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 3001 !--- Deny BEEP traffic from all other sources destined to !--- infrastructure addresses. access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 3001 !--- !--- Feature: Network Admission Control HTTP Authentication Proxy !--- and !--- Per-user URL Redirect for EAP over UDP, Dot1x and MAC !--- Authentication Bybass !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 80 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 443 !--- !--- Deny Network Admission Control HTTP Authentication Proxy !--- and !--- Per-user URL Redirect for EAP over UDP, Dot1x and MAC !--- Authentication Bybass traffic to infrastructue !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 80 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 443 !--- !--- Features: Distributed Director with HTTP Redirects and DNS !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 53 !--- Deny Distributed Director with HTTP Redirects traffic and DNS !--- from all other sources destined to infrastructure addresses. access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 53 !--- Permit/deny all other Layer 3 and Layer 4 traffic in !--- accordance with existing security policies and configurations !--- Permit all other traffic to transit the device. access-list 150 permit ip any any !--- Apply access-list to all interfaces (only one example shown) interface serial 2/0 ip access-group 150 in The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists. This white paper can be obtained at the following link http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0… Receive ACLs (rACL) +------------------ For distributed platforms, Receive ACLs may be an option starting in Cisco IOS Software Versions 12.0(21)S2 for the 12000 (GSR), 12.0(24)S for the 7500, and 12.0(31)S for the 10720. The Receive ACL protects the device from harmful traffic before the traffic can impact the route processor. Receive ACLs are designed to only protect the device on which it is configured. On the 12000, 7500, and 10720, transit traffic is never affected by a receive ACL. Because of this, the destination IP address "any" used in the example ACL entries below only refer to the router's own physical or virtual IP addresses. Receive ACLs are considered a network security best practice, and should be considered as a long-term addition to good network security, as well as a workaround for this specific vulnerability. The white paper entitled "GSR: Receive Access Control Lists" will help you identify and allow legitimate traffic to your device and deny all unwanted packets. This white paper is available at the following link http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0… The following is the receive path ACL written to permit this type of traffic from trusted hosts: !--- !--- Only sections pertaining to features enabled on the device !--- need be configured. !--- !--- !--- Feature: Cisco Unified Communications Manager Express !--- !--- !--- !--- Permit CAPF server traffic from trusted hosts allowed to !--- the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 3804 !--- !--- Telephony-Service configuration !--- !--- !--- The TCP port is as per the ip source-address !--- <address> port <port-number> telephony-service !--- configuration command. Example below 2999 !--- !--- Permit Telephony-Service traffic from trusted hosts allowed !--- to the RP. access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 2999 !--- !--- Deny Cisco Unified Communications Manager Express !--- traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 3804 access-list 150 deny tcp any any eq 2999 !--- !--- Permit SIP Gateway Signaling Support Over TLS Transport !--- traffic from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 5061 !--- !--- Deny SIP Gateway Signaling Support Over TLS Transport !--- traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 5061 !--- !--- Permit Secure Signaling and Media Encryption traffic !--- from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 2443 !--- !--- Deny Secure Signaling and Media Encryption traffic from !--- all other sources to the RP. !--- access-list 150 deny tcp any any eq 2443 !--- !--- Feature: Blocks Extensible Exchange Protocol (BEEP) !--- The TCP port used is defined with the netconf beep initiator !--- and netconf beep listener configuration commands. !--- This example uses 3001 !--- !--- !--- Permit BEEP traffic from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 3001 !--- !--- Deny BEEP traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 3001 !--- !--- Feature: Network Admission Control HTTP Authentication Proxy !--- and !--- Per-user URL Redirect for EAP over UDP, Dot1x and MAC !--- Authentication Bybass !--- !--- !--- Permit Per-user URL Redirect for EAP over UDP, Dot1x and MAC !--- Authentication Bybass traffic from trusted hosts allowed to !--- the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 80 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 443 !--- !--- Deny Network Admission Control HTTP Authentication Proxy !--- and !--- Per-user URL Redirect for EAP over UDP, Dot1x and MAC !--- Authentication Bybass traffic from all other sources to !--- the RP. !--- access-list 150 deny tcp any any eq 80 access-list 150 deny tcp any any eq 443 !--- !--- Features: Distributed Director with HTTP Redirects and DNS !--- !--- !--- Permit Distribute Director and DNS traffic from trusted hosts !--- allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 53 !--- !--- Deny distributed director and DNS traffic from all other !--- sources to the RP. !--- access-list 150 deny tcp any any eq 53 !--- !--- Permit all other traffic to the RP. !--- according to security policy and configurations. !--- access-list 150 permit ip any any !--- !--- Apply this access list to the 'receive' path. !--- ip receive access-list 150 Control Plane Policing +--------------------- Control Plane Policing (CoPP) can be used to block the affected features TCP traffic access to the device. Cisco IOS software releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be configured on a device to protect the management and control planes and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The CoPP example below should be included as part of the deployed CoPP which will protect all devices with IP addresses in the infrastructure IP address range. !--- !--- Only sections pertaining to features enabled on the device !--- need be configured. !--- !--- Feature: Cisco Unified Communications Manager Express !--- !--- CAPF Server configuration !--- access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 3804 !--- !--- Telephony-Service configuration !--- The TCP port is as per the ip source-address !--- <address> port <port-number> telephony-service !--- configuration command. Example below 2999 !--- access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 2999 !--- !--- Permit Cisco Unified Communications Manager Express traffic !--- sent to all IP addresses configured on all interfaces of !--- the affected device so that it will be policed and dropped !--- by the CoPP feature !--- !--- CAPF server configuration !--- access-list 150 permit tcp any any eq 3804 !--- !--- Telephony-Service configuration !--- access-list 150 permit tcp any any eq 2999 !--- !--- Feature: SIP Gateway Signaling Support Over TLS Transport !--- access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 5061 !--- !--- Permit SIP Gateway Signaling Support Over TLS Transport !--- traffic sent to all IP addresses configured on all interfaces !--- of the affected device so that it will be policed and !--- dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 5061 !--- !--- Feature: Secure Signaling and Media Encryption !--- access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 2443 !--- !--- Permit Secure Signaling and Media Encryption traffic sent to !--- all IP addresses configured on all interfaces of the affected !--- device so that it will be policed and dropped by the CoPP !--- feature !--- access-list 150 permit tcp any any eq 2443 !--- !--- Feature: Blocks Extensible Exchange Protocol (BEEP) !--- The TCP port used is defined with the netconf beep initiator !--- and netconf beep listener configuration commands. !--- This example uses 3001 !--- access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 3001 !--- !--- Permit BEEP traffic sent to all IP addresses configured !--- on all interfaces of the affected device so that it !--- will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 3001 !--- !--- Feature: Network Admission Control HTTP Authentication Proxy !--- and !--- Per-user URL Redirect for EAP over UDP, Dot1x and MAC !--- Authentication Bybass !--- access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 80 access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 443 !--- !--- Permit Network Admission Control HTTP Authentication Proxy !--- and Per-user URL Redirect for EAP over UDP, Dot1x and MAC !--- Authentication Bybass traffic sent to all IP addresses !--- configured on all interfaces of the affected device so that it !--- will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 80 access-list 150 permit tcp any any eq 443 !--- !--- Features: Distributed Director with HTTP Redirects and DNS !--- access-list 150 deny tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 53 !--- !--- Permit Distributed Director with HTTP Redirects and DNS !--- traffic sent to all IP addresses configured on all interfaces !--- of the affected device so that it will be policed and dropped !--- by the CoPP feature !--- access-list 150 permit tcp any any eq 53 !--- !--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and !--- Layer4 traffic in accordance with existing security policies !--- and configurations for traffic that is authorized to be sent !--- to infrastructure devices !--- !--- !--- Create a Class-Map for traffic to be policed by !--- the CoPP feature !--- class-map match-all drop-tcpip-class match access-group 150 !--- !--- Create a Policy-Map that will be applied to the !--- Control-Plane of the device. !--- policy-map drop-tcpip-traffic class drop-tcpip-class drop !--- !--- Apply the Policy-Map to the !--- Control-Plane of the device !--- control-plane service-policy input drop-tcpip-traffic In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function. Please note that the policy-map syntax is different in the 12.2S and 12.0S Cisco IOS trains: policy-map drop-tcpip-traffic class drop-tcpip-class police 32000 1500 1500 conform-action drop exceed-action drop Additional information on the configuration and use of the CoPP feature can be found in the documents, "Control Plane Policing Implementation Best Practices" and "Cisco IOS Software Releases 12.2 S - Control Plane Policing" at the following links http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html Additional mitigations that can be deployed on Cisco devices within the network are available in the "Cisco Applied Mitigation Bulletin" companion document for this advisory at the following link http://www.cisco.com/warp/public/707/cisco-amb-20090325-tcp-and-ip.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered by Cisco when performing internal vulnerability testing. We would also like to thank Jens Link, freelance consultant, for also reporting this vulnerability to us. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcpip.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-March-25 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.… This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAknKUasACgkQ86n/Gc8U/uBbjACeIwNWs1Rt18l5RAnnaMCvg4GA kK0AnjoeX6PBI/y6tro0tjJUCfrAAr30 =Ijff -----END PGP SIGNATURE-----

1 0

Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability
by Cisco Systems Product Security Incident Response Team 25 Mar '09

25 Mar '09

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability Advisory ID: cisco-sa-20090325-tcp http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml Revision 1.0 For Public Release 2009 March 25 1600 UTC (GMT) - --------------------------------------------------------------------- Summary ======= Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload. Cisco has released free software updates that address this vulnerability. Several mitigation strategies are outlined in the workarounds section of this advisory. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml Note: The March 25, 2009, Cisco IOS Security Advisory bundled publication includes eight Security Advisories. All of the advisories address vulnerabilities in Cisco IOS Software. Each advisory lists the releases that correct the vulnerability or vulnerabilities in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published in Cisco Security Advisories on March 25, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090325-bundle.shtml Individual publication links are listed below: * Cisco IOS cTCP Denial of Service Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml * Cisco IOS Software Multiple Features IP Sockets Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml * Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml * Cisco IOS Software Secure Copy Privilege Escalation Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml * Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml * Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml * Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml * Cisco IOS Software WebVPN and SSLVPN Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml Affected Products ================= Vulnerable Products +------------------ Devices running affected versions of Cisco IOS Software and Cisco IOS XE Software are affected when configured to use any of the following features within Cisco IOS: * Airline Product Set (ALPS) * Serial Tunnel Code (STUN) and Block Serial Tunnel Code (BSTUN) * Native Client Interface Architecture support (NCIA) * Data-link switching (DLSw) * Remote Source-Route Bridging (RSRB) * Point to Point Tunneling Protocol (PPTP) * X.25 for Record Boundary Preservation (RBP) * X.25 over TCP (XOT) * X.25 Routing Information on how to determine whether an affected feature is enabled on a device are provided in the Details section of this advisory. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih <output truncated> The following example shows a product that is running Cisco IOS Software Release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team <output truncated> Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html . Products Confirmed Not Vulnerable +-------------------------------- The following product and feature have been confirmed not vulnerable: * Cisco IOS XR Software * BGP is not affected No other Cisco products or features configured within Cisco IOS Software are currently known to be affected by this vulnerability. Details ======= Completion of the 3-way handshake to the associated TCP port number (s) of any of the features outlined below is required in order for the vulnerability to be successfully exploited. Airline Product Set (ALPS) +------------------------- Devices configured for ALPS are vulnerable. The default TCP listening ports for ALPS are 350 and 10000. The following example shows a vulnerable ALPS configuration: alps local-peer <ip address> Further information about ALPS is available in "Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2 - Configuring the Airline Product Set" at the following link http://www.cisco.com/en/US/docs/ios/12_2/ibm/configuration/guide/bcfalps_ps… Serial Tunnel Code (STUN) and Block Serial Tunneling (BSTUN) +----------------------------------------------------------- Devices configured for either STUN or BSTUN are vulnerable. The default listening TCP ports for STUN are 1990,1991 1992 and 1994. The default listening TCP ports for BSTUN are 1963, 1976, 1977, 1978 and 1979 The following example shows a vulnerable STUN configuration: interface serial 0/0/0 encapsulation stun The following example shows a vulnerable BSTUN configuration: interface serial 0/0/0 encapsulation bstun Further information about STUN and BSTUN is available in "Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2 - Configuring Serial Tunnel and Block Serial Tunnel" at the following link http://www.cisco.com/en/US/docs/ios/12_2/ibm/configuration/guide/bcfstun_ps… Native Client Interface Architecture support (NCIA) +-------------------------------------------------- Devices configured for NCIA are vulnerable, because of the underlying transport they will use. The default listening TCP ports will be dependent on the protocol used with NCIA, such as RSRB or DSLw. The following examples shows a vulnerable configuration: ncia server 1 10.66.91.138 0000.1111.2222 2222.2222.2222 1 Further information about NCIA is available in "Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.4 - Configuring NCIA Client/Server" at the following link http://www.cisco.com/en/US/docs/ios/bridging/configuration/guide/br_ncia_cl… Data-link switching (DLSw) +------------------------- Devices configured for DLSw are vulnerable. The default listening TCP ports for DSLw are 2065, 2067, 1981, 1982 and 1983. The following example shows a vulnerable configuration: dlsw local-peer peer-id <ip address> Devices configured with either FST Encapsulation or Direct Encapsulation are still vulnerable as the affected TCP ports are opened by the "dslw local-peer peer-id ip address" command. Further information about DLSw is available in "Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.4 - Configuring Data-Link Switching Plus" at the following link http://www.cisco.com/en/US/docs/ios/bridging/configuration/guide/br_dlsw_pl… Remote Source-Route Bridging (RSRB) +---------------------------------- Devices configured for RSRB Using IP Encapsulation over a TCP connection are vulnerable. The default listening TCP ports for RSRB are 1996,1987, 1988 and 1989. The following example shows a vulnerable configuration: source-bridge ring-group 10 source-bridge remote-peer 10 tcp <ip address> Devices configured with either RSRB Using Direct Encapsulation or RSRB Using IP Encapsulation over an FST Connection are not affected. Further information about RSRB is available in "Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2 - Configuring Remote Source-Route Bridging" at the following link http://www.cisco.com/en/US/docs/ios/12_2/ibm/configuration/guide/bcfrsrb_ps… Point to Point Tunneling Protocol (PPTP) +--------------------------------------- Devices configured for PPTP are vulnerable. The default listening TCP port for PPTP is 1723. The following examples shows a vulnerable configuration: vpdn enable ! vpdn-group pptp ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 Or vpdn enable ! vpdn-group L2_Tunneling ! Default L2TP VPDN group ! Default PPTP VPDN group accept-dialin protocol any virtual-template 1 Further information about PPTP is available in "Cisco IOS VPDN Configuration Guide, Release 12.4 - Configuring Client-Initiated Dial-In VPDN Tunneling" at the following link http://www.cisco.com/en/US/docs/ios/vpdn/configuration/guide/client_init_di… X.25 Record Boundary Preservation (RBP) +-------------------------------------- Devices configured for RBP are vulnerable. The listening TCP port is configured with the "local port port_number" CLI command, as shown in the next examples. The following examples shows vulnerable configurations. The first leverages switched virtual circuits (SVC): interface Serial1/0 x25 map rbp 1111 local port <port_number> The second example, leverages a permanent virtual circuit (PVC): interface Serial1/0 x25 map pvc <pvc_number> rbp local port <port_number> Further information about RBP is available in "Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4 - X.25 Record Boundary Preservation for Data Communications Networks" at the following link http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_x25_rbp_dcn… X.25 over TCP (XOT) +------------------ Devices configured for XOT are vulnerable. The default listening TCP port for XOT is 1998. The following example shows a vulnerable configuration. xot access-group 1 and a corresponding access-list 1. Further information about XOT is available in "Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4 - X.25 over TCP Profiles" at the following link http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_x25otcp_pro… X25 Routing +---------- Devices configured with X25 are vulnerable. The default listening TCP port for X25 Routing is 1998. The following example shows a vulnerable configuration. x25 routing Further information about X25 is available in "Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4 - Configuring X.25 and LAPB" at the following link http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_cfg_x25_lap… This vulnerability is documented in the following Cisco Bug ID: CSCsr29468 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-0629. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsr29468: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of this vulnerability will cause the device to reload. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | | | 12.0-Based | First Fixed Release | Recommended Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases | |-------------------------------------------------------------------| | Affected | | | | 12.1-Based | First Fixed Release | Recommended Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | | | | 12.2-Based | First Fixed Release | Recommended Release | | Releases | | | |------------+-----------------------------+------------------------| | 12.2 | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2B | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2BC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2BW | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2BX | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2BY | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2BZ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2CX | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2CY | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2CZ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2DA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2DD | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2DX | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2EW | Vulnerable; first fixed in | 12.2(31)SGA9 | | | 12.2SG | | |------------+-----------------------------+------------------------| | 12.2EWA | Vulnerable; first fixed in | 12.2(31)SGA9 | | | 12.2SG | | |------------+-----------------------------+------------------------| | | Releases prior to 12.2(44) | | | | EX are vulnerable, release | | | 12.2EX | 12.2(44)EX and later are | 12.2(44)SE6 | | | not vulnerable; first fixed | | | | in 12.2SE | | |------------+-----------------------------+------------------------| | 12.2EY | 12.2(44)EY | 12.2(44)SE6 | |------------+-----------------------------+------------------------| | 12.2EZ | Vulnerable; first fixed in | 12.2(44)SE6 | | | 12.2SE | | |------------+-----------------------------+------------------------| | 12.2FX | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2FY | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2FZ | Vulnerable; first fixed in | 12.2(44)SE6 | | | 12.2SE | | |------------+-----------------------------+------------------------| | | Vulnerable; first fixed in | 12.2(33)SRC4; | | 12.2IRA | 12.2SRC | Available on | | | | 18-MAY-2009 | |------------+-----------------------------+------------------------| | | Vulnerable; first fixed in | 12.2(33)SRC4; | | 12.2IRB | 12.2SRC | Available on | | | | 18-MAY-2009 | |------------+-----------------------------+------------------------| | 12.2IXA | Vulnerable; migrate to any | 12.2(18)IXH; Available | | | release in 12.2IXH | on 31-MAR-2009 | |------------+-----------------------------+------------------------| | 12.2IXB | Vulnerable; migrate to any | 12.2(18)IXH; Available | | | release in 12.2IXH | on 31-MAR-2009 | |------------+-----------------------------+------------------------| | 12.2IXC | Vulnerable; migrate to any | 12.2(18)IXH; Available | | | release in 12.2IXH | on 31-MAR-2009 | |------------+-----------------------------+------------------------| | 12.2IXD | Vulnerable; migrate to any | 12.2(18)IXH; Available | | | release in 12.2IXH | on 31-MAR-2009 | |------------+-----------------------------+------------------------| | 12.2IXE | Vulnerable; migrate to any | 12.2(18)IXH; Available | | | release in 12.2IXH | on 31-MAR-2009 | |------------+-----------------------------+------------------------| | 12.2IXF | Vulnerable; migrate to any | 12.2(18)IXH; Available | | | release in 12.2IXH | on 31-MAR-2009 | |------------+-----------------------------+------------------------| | 12.2IXG | Vulnerable; migrate to any | 12.2(18)IXH; Available | | | release in 12.2IXH | on 31-MAR-2009 | |------------+-----------------------------+------------------------| | 12.2JA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2JK | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2MB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2MC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2S | Vulnerable; first fixed in | 12.2(33)SB4 | | | 12.2SB | | |------------+-----------------------------+------------------------| | | 12.2(33)SB3 | | | | | | | 12.2SB | 12.2(28)SB13 | 12.2(33)SB4 | | | | | | | 12.2(31)SB14 | | |------------+-----------------------------+------------------------| | 12.2SBC | Vulnerable; first fixed in | 12.2(33)SB4 | | | 12.2SB | | |------------+-----------------------------+------------------------| | 12.2SCA | Vulnerable; first fixed in | 12.2(33)SCB1 | | | 12.2SCB | | |------------+-----------------------------+------------------------| | 12.2SCB | 12.2(33)SCB1 | 12.2(33)SCB1 | |------------+-----------------------------+------------------------| | | 12.2(46)SE2 | | | | | | | 12.2SE | 12.2(50)SE | 12.2(44)SE6 | | | | | | | 12.2(44)SE5 | | |------------+-----------------------------+------------------------| | 12.2SEA | Vulnerable; first fixed in | 12.2(44)SE6 | | | 12.2SE | | |------------+-----------------------------+------------------------| | 12.2SEB | Vulnerable; first fixed in | 12.2(44)SE6 | | | 12.2SE | | |------------+-----------------------------+------------------------| | 12.2SEC | Vulnerable; first fixed in | 12.2(44)SE6 | | | 12.2SE | | |------------+-----------------------------+------------------------| | 12.2SED | Vulnerable; first fixed in | 12.2(44)SE6 | | | 12.2SE | | |------------+-----------------------------+------------------------| | 12.2SEE | Vulnerable; first fixed in | 12.2(44)SE6 | | | 12.2SE | | |------------+-----------------------------+------------------------| | 12.2SEF | Not Vulnerable | | |------------+-----------------------------+------------------------| | | Releases prior to 12.2(25) | | | | SEG4 are vulnerable, | | | 12.2SEG | release 12.2(25)SEG4 and | 12.2(44)SE6 | | | later are not vulnerable; | | | | first fixed in 12.2SE | | |------------+-----------------------------+------------------------| | 12.2SG | 12.2(50)SG | 12.2(52)SG; Available | | | | on 15-MAY-2009 | |------------+-----------------------------+------------------------| | 12.2SGA | 12.2(31)SGA9 | 12.2(31)SGA9 | |------------+-----------------------------+------------------------| | 12.2SL | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2SM | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SO | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SQ | Not Vulnerable | | |------------+-----------------------------+------------------------| | | Vulnerable; first fixed in | 12.2(33)SRC4; | | 12.2SRA | 12.2SRC | Available on | | | | 18-MAY-2009 | |------------+-----------------------------+------------------------| | | | 12.2(33)SRB5a; | | | | Available on | | 12.2SRB | Vulnerable; first fixed in | 3-April-2009 12.2(33) | | | 12.2SRC | SRC4; Available on | | | | 18-MAY-2009 12.2(33) | | | | SRD1 | |------------+-----------------------------+------------------------| | | | 12.2(33)SRC4; | | 12.2SRC | 12.2(33)SRC3 | Available on | | | | 18-MAY-2009 12.2(33) | | | | SRD1 | |------------+-----------------------------+------------------------| | 12.2SRD | 12.2(33)SRD1 | 12.2(33)SRD1 | |------------+-----------------------------+------------------------| | 12.2STE | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SU | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2SV | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SVA | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SVC | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SVD | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SVE | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2SW | Vulnerable; migrate to any | | | | release in 12.4SW | | |------------+-----------------------------+------------------------| | 12.2SX | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2SXA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2SXB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2SXD | Vulnerable; first fixed in | 12.2(18)SXF16 | | | 12.2SXF | | |------------+-----------------------------+------------------------| | 12.2SXE | Vulnerable; first fixed in | 12.2(18)SXF16 | | | 12.2SXF | | |------------+-----------------------------+------------------------| | 12.2SXF | 12.2(18)SXF16 | 12.2(18)SXF16 | |------------+-----------------------------+------------------------| | | 12.2(33)SXH5; Available on | 12.2(33)SXH5; | | 12.2SXH | 20-APR-2009 | Available on | | | | 20-APR-2009 | |------------+-----------------------------+------------------------| | 12.2SXI | 12.2(33)SXI1 | 12.2(33)SXI1 | |------------+-----------------------------+------------------------| | 12.2SY | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2SZ | Vulnerable; first fixed in | 12.2(33)SB4 | | | 12.2SB | | |------------+-----------------------------+------------------------| | 12.2T | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2TPC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XD | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XE | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XF | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XG | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XH | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XI | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XJ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XK | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XL | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XM | Not Vulnerable | | |------------+-----------------------------+------------------------| | | Vulnerable; first fixed in | 12.2(33)SB4 | | 12.2XN | 12.2SRC | | | | | 12.2(33)SRD1 | |------------+-----------------------------+------------------------| | 12.2XNA | Vulnerable; first fixed in | 12.2(33)SRD1 | | | 12.2SRD | | |------------+-----------------------------+------------------------| | 12.2XNB | 12.2(33)XNB1 | 12.2(33)XNB3 | |------------+-----------------------------+------------------------| | 12.2XNC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XO | 12.2(46)XO | 12.2(46)XO | |------------+-----------------------------+------------------------| | 12.2XQ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XR | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XS | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XT | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XU | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XV | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2XW | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YD | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YE | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YF | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YG | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YH | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YJ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YK | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YL | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YM | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YN | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YO | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YP | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YQ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YR | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YS | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YT | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YU | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YV | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YW | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YX | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YY | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2YZ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZD | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZE | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZF | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZG | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZH | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZJ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZL | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.2ZP | Not Vulnerable | | |------------+-----------------------------+------------------------| | | Vulnerable; first fixed in | 12.2(33)SXH5; | | 12.2ZU | 12.2SXH | Available on | | | | 20-APR-2009 | |------------+-----------------------------+------------------------| | 12.2ZX | Vulnerable; first fixed in | 12.2(33)SB4 | | | 12.2SB | | |------------+-----------------------------+------------------------| | 12.2ZY | Vulnerable; contact TAC | | |------------+-----------------------------+------------------------| | 12.2ZYA | 12.2(18)ZYA1 | 12.2(18)ZYA1 | |------------+-----------------------------+------------------------| | Affected | | | | 12.3-Based | First Fixed Release | Recommended Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | | | | 12.4-Based | First Fixed Release | Recommended Release | | Releases | | | |------------+-----------------------------+------------------------| | 12.4 | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4JA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4JDA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4JK | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4JL | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4JMA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4JMB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4JX | Not Vulnerable | | |------------+-----------------------------+------------------------| | | 12.4(15)MD2 | | | | | | | 12.4MD | Releases prior to 12.4(11) | 12.4(11)MD7 | | | MD6 are not vulnerable, | | | | releases 12.4(15)MD and | | | | later are vulnerable. | | |------------+-----------------------------+------------------------| | | 12.4(19)MR1 | | | | | | | 12.4MR | Releases prior to 12.4(16) | 12.4(19)MR2 | | | MR2 are not vulnerable, | | | | releases 12.4(19)MR and | | | | later are vulnerable | | |------------+-----------------------------+------------------------| | 12.4SW | Not Vulnerable | | |------------+-----------------------------+------------------------| | | 12.4(22)T | | | | | 12.4(22)T1 | | 12.4T | 12.4(20)T2 | | | | | 12.4(15)T9; Available | | | Releases prior to 12.4(20)T | on 29-APR-2009 | | | are NOT vulnerable | | |------------+-----------------------------+------------------------| | 12.4XA | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XC | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XD | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XE | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XF | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XG | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XJ | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XK | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XL | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XM | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XN | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XP | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XQ | 12.4(15)XQ2 | 12.4(15)XQ2 | |------------+-----------------------------+------------------------| | | | 12.4(22)T1 | | 12.4XR | 12.4(15)XR4 | | | | | 12.4(15)T9; Available | | | | on 29-APR-2009 | |------------+-----------------------------+------------------------| | 12.4XT | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XV | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4XW | Not Vulnerable | | |------------+-----------------------------+------------------------| | | | 12.4(22)T1 | | 12.4XY | 12.4(15)XY4 | | | | | 12.4(15)T9; Available | | | | on 29-APR-2009 | |------------+-----------------------------+------------------------| | 12.4XZ | 12.4(15)XZ2 | 12.4(15)XZ2 | |------------+-----------------------------+------------------------| | 12.4YA | 12.4(20)YA2 | 12.4(20)YA3 | |------------+-----------------------------+------------------------| | 12.4YB | Not Vulnerable | | |------------+-----------------------------+------------------------| | 12.4YD | Not Vulnerable | | +-------------------------------------------------------------------+ Workarounds =========== The following mitigations have been identified for this vulnerability, which may help protect an infrastructure until an upgrade to a fixed version of Cisco IOS software can be scheduled: Infrastructure Access Control Lists +---------------------------------- Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks. Infrastructure Access Control Lists (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for these specific vulnerabilities. The iACL example below should be included as part of the deployed infrastructure access-list which will protect all devices with IP addresses in the infrastructure IP address range: !--- !--- Only sections pertaining to features enabled on the device !--- need be configured. !--- !--- Feature: ALPS !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 350 access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 10000 !--- !--- Deny ALPS TCP traffic from all other sources destined !--- to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 350 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 10000 !--- !--- Feature: STUN !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 1994 access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD range 1990 1992 !--- !--- Deny STUN TCP traffic from all other sources destined !--- to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 1994 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD range 1990 1992 !--- !--- Feature: BSTUN !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 1963 access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD range 1976 1979 !--- !--- Deny BSTUN TCP traffic from all other sources destined !--- to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 1963 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD range 1976 1979 !--- !--- Feature: NCIA !--- !--- !--- Leverage the underlying protocols, DLSw, RSRB, etc. !--- !--- !--- Feature: DLSW !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 2065 access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 2067 access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD range 1981 1983 !--- !--- Deny DLSW TCP traffic from all other sources destined !--- to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 2065 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 2067 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD range 1981 1983 !--- !--- Feature: RSRB !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD range 1987 1989 access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 1996 !--- !--- Deny RSRB TCP traffic from all other sources destined !--- to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD range 1987 1989 access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 1996 !--- !--- Feature: PPTP !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 1723 !--- !--- Deny PPTP TCP traffic from all other sources destined !--- to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 1723 !--- !--- Feature: RBP !--- !--- RBP will listen for TCP connections on the configured port !--- as per "local port <port_number>". The following example !--- uses port 1055 !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 1055 !--- !--- Deny RBP traffic from all other sources destined !--- to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 1055 !--- !--- Feature: XOT and X.25 Routing !--- access-list 150 permit tcp TRUSTED_HOSTS WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 1998 !--- !--- Deny XOT and X25 TCP traffic from all other sources !--- destined to infrastructure addresses. !--- access-list 150 deny tcp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 1998 !--- !--- Permit/deny all other Layer 3 and Layer 4 traffic in !--- accordance with existing security policies and !--- configurations Permit all other traffic to transit the !--- device. !--- access-list 150 permit ip any any !--- !--- Apply access-list to all interfaces (only one example !--- shown) !--- interface serial 2/0 ip access-group 150 in The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists. This white paper can be obtained at the following link: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0… Receive ACLs (rACL) +------------------ For distributed platforms, Receive ACLs may be an option starting in Cisco IOS Software Versions 12.0(21)S2 for the 12000 (GSR), 12.0(24)S for the 7500, and 12.0(31)S for the 10720. The Receive ACL protects the device from harmful traffic before the traffic can impact the route processor. Receive ACLs are designed to only protect the device on which it is configured. On the 12000, 7500, and 10720, transit traffic is never affected by a receive ACL. Because of this, the destination IP address "any" used in the example ACL entries below only refer to the router's own physical or virtual IP addresses. Receive ACLs are considered a network security best practice, and should be considered as a long-term addition to good network security, as well as a workaround for this specific vulnerability. The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists. This white paper can be obtained at the following link http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0… The following is the receive path ACL written to permit this type of traffic from trusted hosts: !--- !--- Only sections pertaining to features enabled on the device !--- need be configured. !--- !--- !--- Permit ALPS traffic from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 350 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 10000 !--- !--- Deny ALPS traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 350 access-list 150 deny tcp any any eq 10000 !--- !--- Permit STUN traffic from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 1994 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any range 1990 1992 !--- !--- Deny STUN traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 1994 access-list 150 deny tcp any any eq range 1990 1992 !--- !--- Permit BSTUN traffic from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 1963 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any range 1976 1979 !--- !--- Deny BSTUN traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 1963 access-list 150 deny tcp any any eq range 1976 1979 !--- !--- Permit DLSw from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 2065 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 2067 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any range 1981 1983 !--- !--- Deny DLSw all other sources to the RP. !--- access-list 150 deny tcp any any eq 2065 access-list 150 deny tcp any any eq 2067 access-list 150 deny tcp any any range 1981 1983 !--- !--- Permit RSRB traffic from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 1996 access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any range 1987 1989 !--- !--- Deny RSRB traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 1996 access-list 150 deny tcp any any range 1987 1989 !--- !--- Permit PPTP traffic from trusted hosts allowed to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 1723 !--- !--- Deny PPTP traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 1723 !--- !--- Permit RBP traffic from trusted hosts allowed to the RP. !--- RBP will listen for TCP connections on the configured port !--- as per "local port <port_number>". The following example !--- uses port 1055 !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 1055 !--- !--- Deny RBP traffic from all other sources to the RP. !--- access-list 150 deny tcp any any eq 1055 !--- !--- Permit XOT and X.25 Routing traffic from trusted hosts allowed !--- to the RP. !--- access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 1998 !--- !--- Deny XOT and X.25 Routing traffic from all other sources to !--- the RP. !--- access-list 150 deny tcp any any eq 1998 !--- Permit all other traffic to the RP. !--- according to security policy and configurations. access-list 150 permit ip any any !--- Apply this access list to the 'receive' path. ip receive access-list 150 Control Plane Policing +--------------------- Control Plane Policing (CoPP) can be used to block the affected features TCP traffic access to the device. Cisco IOS software releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be configured on a device to protect the management and control planes and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The CoPP example below should be included as part of the deployed CoPP that will protect all devices with IP addresses in the infrastructure IP address range. !--- !--- Only sections pertaining to features enabled on the device !--- need be configured. !--- !--- Feature: ALPS !--- access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 350 access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 10000 !--- !--- Permit ALPS traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 350 access-list 150 permit tcp any any eq 10000 !--- !--- Feature: STUN !--- access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 1994 access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any range 1990 1992 !--- !--- Permit STUN traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 1994 access-list 150 permit tcp any any range 1990 1992 !--- !--- Feature: BSTUN !--- access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 1963 access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any range 1976 1979 !--- !--- Permit BSTUN traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 1963 access-list 150 permit tcp any any range 1976 1979 !--- !--- Feature: NCIA !--- !--- Leverage the underlying protocols, DLSw, RSRB, etc. !--- !--- !--- Feature: DLSW !--- access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 2065 access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 2067 access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any range 1981 1983 !--- !--- Permit DLSW traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 2065 access-list 150 permit tcp any any eq 2067 access-list 150 permit tcp any any range 1981 1983 !--- !--- Feature: RSRB !--- access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any range 1987 1989 access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 1996 !--- !--- Permit RSRB traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any range 1987 1989 access-list 150 permit tcp any any eq 1996 !--- !--- Feature: PPTP !--- access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 1723 !--- !--- Permit PPTP traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 1723 !--- !--- Feature: RBP !--- !--- RBP will listen for TCP connections on the configured port !--- as per "local port <port_number>". The following example !--- uses port 1055 access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 1055 !--- !--- Permit RBP traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 1055 !--- !--- Feature: XOT and X.25 Routing !--- access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 1998 !--- !--- Permit XOT and X25 traffic sent to all IP addresses !--- configured on all interfaces of the affected device so !--- that it will be policed and dropped by the CoPP feature !--- access-list 150 permit tcp any any eq 1998 !--- !--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and !--- Layer4 traffic in accordance with existing security policies !--- configurations for traffic that is authorized to be sent !--- and to infrastructure devices !--- Create a Class-Map for traffic to be policed by !--- the CoPP feature !--- class-map match-all drop-tcp-class match access-group 150 !--- !--- Create a Policy-Map that will be applied to the !--- Control-Plane of the device. !--- policy-map drop-tcp-traffic class drop-tcp-class drop !--- !--- Apply the Policy-Map to the !--- Control-Plane of the device !--- control-plane service-policy input drop-tcp-traffic In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function. Please note that the policy-map syntax is different in the 12.2S and 12.0S Cisco IOS trains: policy-map drop-tcp-traffic class drop-tcp-class police 32000 1500 1500 conform-action drop exceed-action drop Additional information on the configuration and use of the CoPP feature can be found in the documents, "Control Plane Policing Implementation Best Practices" and "Cisco IOS Software Releases 12.2S - - Control Plane Policing" at the following links http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html Additional mitigations that can be deployed on Cisco devices within the network are available in the "Cisco Applied Mitigation Bulletin" companion document for this advisory, at the following link http://www.cisco.com/warp/public/707/cisco-amb-20090325-tcp-and-ip.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found by Cisco internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-March-25 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.… This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAknKUb8ACgkQ86n/Gc8U/uCp1gCfS6aMv74rf1bDoby1JcGRFsN3 hpYAn1Oqp7nQxPwBrtptF3WM42HgGdIk =NVYK -----END PGP SIGNATURE-----

1 0

Weekly Routing Table Report
by Routing Analysis Role Account 20 Mar '09

20 Mar '09

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-stats(a)lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith <pfs(a)cisco.com>. Routing Table Report 04:00 +10GMT Sat 21 Mar, 2009 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary ---------------- BGP routing table entries examined: 283363 Prefixes after maximum aggregation: 134180 Deaggregation factor: 2.11 Unique aggregates announced to Internet: 138749 Total ASes present in the Internet Routing Table: 30859 Prefixes per ASN: 9.18 Origin-only ASes present in the Internet Routing Table: 26860 Origin ASes announcing only one prefix: 13062 Transit ASes present in the Internet Routing Table: 3999 Transit-only ASes present in the Internet Routing Table: 90 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 25 Max AS path prepend of ASN (18678) 21 Prefixes from unregistered ASNs in the Routing Table: 498 Unregistered ASNs in the Routing Table: 166 Number of 32-bit ASNs allocated by the RIRs: 132 Prefixes from 32-bit ASNs in the Routing Table: 19 Special use prefixes present in the Routing Table: 0 Prefixes being announced from unallocated address space: 238 Number of addresses announced to Internet: 2017104896 Equivalent to 120 /8s, 58 /16s and 148 /24s Percentage of available address space announced: 54.4 Percentage of allocated address space announced: 63.6 Percentage of available address space allocated: 85.5 Percentage of address space in use by end-sites: 76.0 Total number of prefixes smaller than registry allocations: 139447 APNIC Region Analysis Summary ----------------------------- Prefixes being announced by APNIC Region ASes: 65453 Total APNIC prefixes after maximum aggregation: 23417 APNIC Deaggregation factor: 2.80 Prefixes being announced from the APNIC address blocks: 62300 Unique aggregates announced from the APNIC address blocks: 28437 APNIC Region origin ASes present in the Internet Routing Table: 3576 APNIC Prefixes per ASN: 17.42 APNIC Region origin ASes announcing only one prefix: 963 APNIC Region transit ASes present in the Internet Routing Table: 552 Average APNIC Region AS path length visible: 3.5 Max APNIC Region AS path length visible: 19 Number of APNIC addresses announced to Internet: 405339808 Equivalent to 24 /8s, 40 /16s and 254 /24s Percentage of available APNIC address space announced: 80.5 APNIC AS Blocks 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 APNIC Address Blocks 58/8, 59/8, 60/8, 61/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, ARIN Region Analysis Summary ---------------------------- Prefixes being announced by ARIN Region ASes: 124216 Total ARIN prefixes after maximum aggregation: 65427 ARIN Deaggregation factor: 1.90 Prefixes being announced from the ARIN address blocks: 93638 Unique aggregates announced from the ARIN address blocks: 36241 ARIN Region origin ASes present in the Internet Routing Table: 12858 ARIN Prefixes per ASN: 7.28 ARIN Region origin ASes announcing only one prefix: 4944 ARIN Region transit ASes present in the Internet Routing Table: 1242 Average ARIN Region AS path length visible: 3.3 Max ARIN Region AS path length visible: 20 Number of ARIN addresses announced to Internet: 419705152 Equivalent to 25 /8s, 4 /16s and 49 /24s Percentage of available ARIN address space announced: 80.7 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791 35840-36863, 39936-40959, 46080-47103 ARIN Address Blocks 24/8, 63/8, 64/8, 65/8, 66/8, 67/8, 68/8, 69/8, 70/8, 71/8, 72/8, 73/8, 74/8, 75/8, 76/8, 96/8, 97/8, 98/8, 99/8, 108/8, 173/8, 174/8, 184/8, 199/8, 204/8, 205/8, 206/8, 207/8, 208/8, 209/8, 216/8, RIPE Region Analysis Summary ---------------------------- Prefixes being announced by RIPE Region ASes: 64872 Total RIPE prefixes after maximum aggregation: 37755 RIPE Deaggregation factor: 1.72 Prefixes being announced from the RIPE address blocks: 59455 Unique aggregates announced from the RIPE address blocks: 39555 RIPE Region origin ASes present in the Internet Routing Table: 12812 RIPE Prefixes per ASN: 4.64 RIPE Region origin ASes announcing only one prefix: 6725 RIPE Region transit ASes present in the Internet Routing Table: 1924 Average RIPE Region AS path length visible: 4.0 Max RIPE Region AS path length visible: 23 Number of RIPE addresses announced to Internet: 391469984 Equivalent to 23 /8s, 85 /16s and 91 /24s Percentage of available RIPE address space announced: 83.3 RIPE AS Blocks 1877-1901, 2043, 2047, 2107-2136, 2585-2614 (pre-ERX allocations) 2773-2822, 2830-2879, 3154-3353, 5377-5631 6656-6911, 8192-9215, 12288-13311, 15360-16383 20480-21503, 24576-25599, 28672-29695 30720-31743, 33792-35839, 38912-39935 40960-45055, 47104-52223 RIPE Address Blocks 62/8, 77/8, 78/8, 79/8, 80/8, 81/8, 82/8, 83/8, 84/8, 85/8, 86/8, 87/8, 88/8, 89/8, 90/8, 91/8, 92/8, 93/8, 94/8, 95/8, 109/8, 178/8, 193/8, 194/8, 195/8, 212/8, 213/8, 217/8, LACNIC Region Analysis Summary ------------------------------ Prefixes being announced by LACNIC Region ASes: 23523 Total LACNIC prefixes after maximum aggregation: 5813 LACNIC Deaggregation factor: 4.05 Prefixes being announced from the LACNIC address blocks: 21691 Unique aggregates announced from the LACNIC address blocks: 11409 LACNIC Region origin ASes present in the Internet Routing Table: 1082 LACNIC Prefixes per ASN: 20.05 LACNIC Region origin ASes announcing only one prefix: 343 LACNIC Region transit ASes present in the Internet Routing Table: 179 Average LACNIC Region AS path length visible: 4.0 Max LACNIC Region AS path length visible: 25 Number of LACNIC addresses announced to Internet: 61525504 Equivalent to 3 /8s, 170 /16s and 206 /24s Percentage of available LACNIC address space announced: 61.1 LACNIC AS Blocks 26592-26623, 27648-28671, 52224-53247 plus ERX transfers LACNIC Address Blocks 186/8, 187/8, 189/8, 190/8, 200/8, 201/8, AfriNIC Region Analysis Summary ------------------------------- Prefixes being announced by AfriNIC Region ASes: 4836 Total AfriNIC prefixes after maximum aggregation: 1392 AfriNIC Deaggregation factor: 3.47 Prefixes being announced from the AfriNIC address blocks: 4536 Unique aggregates announced from the AfriNIC address blocks: 1343 AfriNIC Region origin ASes present in the Internet Routing Table: 288 AfriNIC Prefixes per ASN: 15.75 AfriNIC Region origin ASes announcing only one prefix: 87 AfriNIC Region transit ASes present in the Internet Routing Table: 55 Average AfriNIC Region AS path length visible: 3.9 Max AfriNIC Region AS path length visible: 15 Number of AfriNIC addresses announced to Internet: 10131968 Equivalent to 0 /8s, 154 /16s and 154 /24s Percentage of available AfriNIC address space announced: 30.2 AfriNIC AS Blocks 36864-37887 & ERX transfers AfriNIC Address Blocks 41/8, 197/8, APNIC Region per AS prefix count summary ---------------------------------------- ASN No of nets /20 equiv MaxAgg Description 4766 1691 6930 393 Korea Telecom (KIX) 17488 1527 119 98 Hathway IP Over Cable Interne 4755 1218 431 179 TATA Communications formerly 9583 1093 86 531 Sify Limited 4134 925 16263 365 CHINANET-BACKBONE 7545 765 159 104 TPG Internet Pty Ltd 18101 755 206 31 Reliance Infocom Ltd Internet 9498 692 296 50 BHARTI BT INTERNET LTD. 24560 678 228 175 Bharti Airtel Ltd. 9829 637 490 21 BSNL National Internet Backbo Complete listing at http://thyme.apnic.net/current/data-ASnet-APNIC ARIN Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 4324 3672 329 bellsouth.net, inc. 209 2908 4149 634 Qwest 4323 1801 1049 372 Time Warner Telecom 1785 1732 717 139 PaeTec Communications, Inc. 20115 1593 1431 720 Charter Communications 7018 1445 5896 1019 AT&T WorldNet Services 6478 1295 297 530 AT&T Worldnet Services 2386 1263 681 902 AT&T Data Communications Serv 11492 1194 192 12 Cable One 3356 1174 10976 444 Level 3 Communications, LLC Complete listing at http://thyme.apnic.net/current/data-ASnet-ARIN RIPE Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 8452 1250 188 7 TEDATA 3292 444 1762 389 TDC Tele Danmark 30890 441 87 196 SC Kappa Invexim SRL 12479 404 578 6 Uni2 Autonomous System 3320 353 7081 296 Deutsche Telekom AG 3301 344 1686 309 TeliaNet Sweden 8866 337 109 22 Bulgarian Telecommunication C 3215 336 2985 109 France Telecom Transpac 29049 321 26 3 AzerSat LLC. 8551 313 288 40 Bezeq International Complete listing at http://thyme.apnic.net/current/data-ASnet-RIPE LACNIC Region per AS prefix count summary ----------------------------------------- ASN No of nets /20 equiv MaxAgg Description 8151 1444 2832 234 UniNet S.A. de C.V. 10620 845 191 80 TVCABLE BOGOTA 22047 606 302 14 VTR PUNTO NET S.A. 7303 520 260 80 Telecom Argentina Stet-France 11830 520 294 42 Instituto Costarricense de El 16814 491 31 10 NSS, S.A. 6471 441 95 32 ENTEL CHILE S.A. 11172 406 102 72 Servicios Alestra S.A de C.V 7738 397 794 28 Telecomunicacoes da Bahia S.A 28573 385 518 25 NET Servicos de Comunicao S.A Complete listing at http://thyme.apnic.net/current/data-ASnet-LACNIC AfriNIC Region per AS prefix count summary ------------------------------------------ ASN No of nets /20 equiv MaxAgg Description 24863 829 74 30 LINKdotNET AS number 20858 292 34 3 This AS will be used to conne 3741 272 858 232 The Internet Solution 2018 241 215 141 Tertiary Education Network 6713 159 150 15 Itissalat Al-MAGHRIB 33783 150 10 8 EEPAD TISP TELECOM & INTERNET 29571 132 15 8 Ci Telecom Autonomous system 5536 123 8 9 Internet Egypt Network 5713 115 507 65 Telkom SA Ltd 33776 112 6 6 Starcomms Nigeria Limited Complete listing at http://thyme.apnic.net/current/data-ASnet-AFRINIC Global Per AS prefix count summary ---------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 4324 3672 329 bellsouth.net, inc. 209 2908 4149 634 Qwest 4323 1801 1049 372 Time Warner Telecom 1785 1732 717 139 PaeTec Communications, Inc. 4766 1691 6930 393 Korea Telecom (KIX) 20115 1593 1431 720 Charter Communications 17488 1527 119 98 Hathway IP Over Cable Interne 7018 1445 5896 1019 AT&T WorldNet Services 8151 1444 2832 234 UniNet S.A. de C.V. 6478 1295 297 530 AT&T Worldnet Services Complete listing at http://thyme.apnic.net/current/data-ASnet Global Per AS Maximum Aggr summary ---------------------------------- ASN No of nets Net Savings Description 209 2908 2274 Qwest 1785 1732 1593 PaeTec Communications, Inc. 4323 1801 1429 Time Warner Telecom 17488 1527 1429 Hathway IP Over Cable Interne 4766 1691 1298 Korea Telecom (KIX) 8452 1250 1243 TEDATA 8151 1444 1210 UniNet S.A. de C.V. 11492 1194 1182 Cable One 18566 1061 1051 Covad Communications 4755 1218 1039 TATA Communications formerly Complete listing at http://thyme.apnic.net/current/data-CIDRnet List of Unregistered Origin ASNs (Global) ----------------------------------------- Bad AS Designation Network Transit AS Description 16927 UNALLOCATED 12.0.252.0/23 7018 AT&T WorldNet Servic 15132 UNALLOCATED 12.9.150.0/24 7018 AT&T WorldNet Servic 32567 UNALLOCATED 12.14.170.0/24 7018 AT&T WorldNet Servic 13746 UNALLOCATED 12.24.56.0/24 7018 AT&T WorldNet Servic 32567 UNALLOCATED 12.25.107.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.152.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.154.0/23 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.159.0/24 7018 AT&T WorldNet Servic 32326 UNALLOCATED 12.40.49.0/24 7018 AT&T WorldNet Servic 25639 UNALLOCATED 12.41.169.0/24 7018 AT&T WorldNet Servic Complete listing at http://thyme.apnic.net/current/data-badAS Advertised Unallocated Addresses -------------------------------- Network Origin AS Description 24.75.116.0/22 10796 ServiceCo LLC - Road Runner 24.246.0.0/17 7018 AT&T WorldNet Services 24.246.128.0/18 7018 AT&T WorldNet Services 41.220.16.0/20 8668 TelOne Zimbabwe P/L 41.223.112.0/22 5713 Telkom SA Ltd 41.223.188.0/24 22351 Intelsat 41.223.189.0/24 26452 Local Communications Networks 62.61.220.0/24 24974 Tachyon Europe BV - Wireless 62.61.221.0/24 24974 Tachyon Europe BV - Wireless 63.140.213.0/24 22555 Universal Talkware Corporatio Complete listing at http://thyme.apnic.net/current/data-add-IANA Number of prefixes announced per prefix length (Global) ------------------------------------------------------- /1:0 /2:0 /3:0 /4:0 /5:0 /6:0 /7:0 /8:19 /9:10 /10:20 /11:55 /12:163 /13:320 /14:580 /15:1134 /16:10384 /17:4638 /18:7988 /19:17022 /20:20163 /21:19860 /22:25312 /23:25214 /24:148254 /25:697 /26:861 /27:545 /28:106 /29:8 /30:3 /31:0 /32:7 Advertised prefixes smaller than registry allocations ----------------------------------------------------- ASN No of nets Total ann. Description 6389 2806 4324 bellsouth.net, inc. 209 1615 2908 Qwest 4766 1395 1691 Korea Telecom (KIX) 17488 1297 1527 Hathway IP Over Cable Interne 8452 1229 1250 TEDATA 11492 1149 1194 Cable One 1785 1140 1732 PaeTec Communications, Inc. 18566 1042 1061 Covad Communications 2386 964 1263 AT&T Data Communications Serv 9583 945 1093 Sify Limited Complete listing at http://thyme.apnic.net/current/data/sXXas-nos Number of /24s announced per /8 block (Global) ---------------------------------------------- 4:13 8:172 12:2195 13:3 15:19 16:3 17:4 20:35 24:1115 32:51 38:551 40:97 41:2009 43:1 44:2 47:21 52:3 55:2 56:3 57:25 58:536 59:624 60:460 61:1107 62:1121 63:2011 64:3549 65:2421 66:3562 67:1493 68:677 69:2509 70:509 71:164 72:1665 73:2 74:1439 75:205 76:313 77:833 78:544 79:304 80:958 81:824 82:560 83:411 84:596 85:1019 86:397 87:632 88:352 89:1491 90:45 91:2064 92:276 93:1110 94:1202 95:829 96:104 97:190 98:238 99:17 109:1 110:7 112:87 113:89 114:221 115:234 116:1128 117:477 118:289 119:656 120:138 121:708 122:981 123:564 124:958 125:1291 128:220 129:225 130:130 131:413 132:74 133:9 134:188 135:39 136:223 137:144 138:146 139:78 140:416 141:104 142:393 143:326 144:325 145:41 146:374 147:149 148:513 149:237 150:147 151:206 152:151 153:135 154:11 155:266 156:167 157:297 158:132 159:266 160:281 161:137 162:270 163:148 164:479 165:516 166:277 167:361 168:682 169:163 170:472 171:39 172:10 173:246 174:161 178:1 186:6 187:44 188:8 189:310 190:2709 192:5807 193:4216 194:3329 195:2658 196:1067 198:3729 199:3314 200:5500 201:1360 202:7865 203:8051 204:3783 205:2162 206:2359 207:2805 208:3880 209:3446 210:2635 211:1114 212:1493 213:1692 214:68 215:25 216:4527 217:1263 218:371 219:418 220:1216 221:459 222:261 End of report

1 0

BGP Update Report
by cidr-report＠potaroo.net 20 Mar '09

20 Mar '09

BGP Update Report Interval: 16-Feb-09 -to- 19-Mar-09 (32 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS9583 253960 5.8% 239.4 -- SIFY-AS-IN Sify Limited 2 - AS3130 89734 2.1% 690.3 -- RGNET-3130 RGnet/PSGnet 3 - AS6629 47663 1.1% 6809.0 -- NOAA-AS - NOAA 4 - AS17974 38119 0.9% 73.4 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia 5 - AS35805 35885 0.8% 119.6 -- UTG-AS United Telecom AS 6 - AS5056 31399 0.7% 273.0 -- INS-NET-2 - Iowa Network Services 7 - AS4771 29929 0.7% 114.2 -- NZTELECOM Netgate 8 - AS6458 28813 0.7% 86.5 -- Telgua 9 - AS9498 28440 0.7% 40.7 -- BBIL-AP BHARTI Airtel Ltd. 10 - AS29372 27845 0.6% 312.9 -- SFR-NETWORK SFR 11 - AS17488 25506 0.6% 15.5 -- HATHWAY-NET-AP Hathway IP Over Cable Internet 12 - AS5050 24268 0.6% 2426.8 -- PSC-EXT - Pittsburgh Supercomputing Center 13 - AS9829 24134 0.6% 38.3 -- BSNL-NIB National Internet Backbone 14 - AS30306 23561 0.5% 5890.2 -- AfOL-Sz-AS 15 - AS7643 22355 0.5% 19.6 -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT) 16 - AS4648 21617 0.5% 106.0 -- NZIX-2 Netgate 17 - AS4795 19482 0.5% 59.9 -- INDOSATM2-ID INDOSATM2 ASN 18 - AS8103 19256 0.4% 32.1 -- STATE-OF-FLA - Florida Department of Management Services - Technology Program 19 - AS4249 18550 0.4% 106.0 -- LILLY-AS - Eli Lilly and Company 20 - AS10620 17379 0.4% 20.3 -- TV Cable S.A. TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASN Upds % Upds/Pfx AS-Name 1 - AS5691 10287 0.2% 10287.0 -- MITRE-AS-5 - The MITRE Corporation 2 - AS6629 47663 1.1% 6809.0 -- NOAA-AS - NOAA 3 - AS30306 23561 0.5% 5890.2 -- AfOL-Sz-AS 4 - AS19017 5796 0.1% 5796.0 -- QUALCOMM-QWBS-LV - Qualcomm, Inc. 5 - AS6312 3279 0.1% 3279.0 -- WESTWORLD-AS - WestWorld Media, LLC 6 - AS8225 3108 0.1% 3108.0 -- ASTELIT-MSK-AS Astelit Autonomous System 7 - AS41343 5906 0.1% 2953.0 -- TRIUNFOTEL-ASN TRIUNFOTEL 8 - AS5050 24268 0.6% 2426.8 -- PSC-EXT - Pittsburgh Supercomputing Center 9 - AS28194 4620 0.1% 2310.0 -- 10 - AS46653 6467 0.1% 2155.7 -- FREDRIKSON---BYRON - Fredrikson & Byron, P.A. 11 - AS12500 6320 0.1% 2106.7 -- RCS-AS RCS Autonomus System 12 - AS8755 2068 0.1% 2068.0 -- CITYLINESPB-AS CityLine-SPb Autonomous System 13 - AS48144 2006 0.1% 2006.0 -- NETWORKTECH Network Technology 14 - AS30552 1966 0.1% 1966.0 -- SAINT-JOSEPHS-HOSPITAL-OF-ATLANTA - Saint Joseph's Hospital of Atlanta 15 - AS3944 1944 0.0% 1944.0 -- PARTAN-LAB - Partan & Partan 16 - AS32398 12766 0.3% 1595.8 -- REALNET-ASN-1 17 - AS46328 14167 0.3% 1574.1 -- PTCNEBRASKA - PIERCE TELEPHONE COMPANY, INCORPORATED 18 - AS35335 1527 0.0% 1527.0 -- ESSTU-AS East-Siberian State Technological University AS 19 - AS30287 1492 0.0% 1492.0 -- ALON-USA - ALON USA, LP 20 - AS30520 5756 0.1% 1439.0 -- NUANCE-SOMERVILLE - NUANCE COMMUNICATIONS, INC TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 72.23.246.0/24 24166 0.5% AS5050 -- PSC-EXT - Pittsburgh Supercomputing Center 2 - 221.134.32.0/24 22424 0.5% AS9583 -- SIFY-AS-IN Sify Limited 3 - 221.135.105.0/24 21045 0.4% AS9583 -- SIFY-AS-IN Sify Limited 4 - 210.214.177.0/24 20999 0.4% AS9583 -- SIFY-AS-IN Sify Limited 5 - 210.214.232.0/24 20910 0.4% AS9583 -- SIFY-AS-IN Sify Limited 6 - 210.214.184.0/24 20833 0.4% AS9583 -- SIFY-AS-IN Sify Limited 7 - 210.214.156.0/24 20830 0.4% AS9583 -- SIFY-AS-IN Sify Limited 8 - 210.214.132.0/24 20826 0.4% AS9583 -- SIFY-AS-IN Sify Limited 9 - 210.214.222.0/24 20744 0.4% AS9583 -- SIFY-AS-IN Sify Limited 10 - 210.214.146.0/24 20619 0.4% AS9583 -- SIFY-AS-IN Sify Limited 11 - 210.214.117.0/24 20472 0.4% AS9583 -- SIFY-AS-IN Sify Limited 12 - 210.210.127.0/24 20403 0.4% AS9583 -- SIFY-AS-IN Sify Limited 13 - 192.35.129.0/24 15986 0.3% AS6629 -- NOAA-AS - NOAA 14 - 192.102.88.0/24 15872 0.3% AS6629 -- NOAA-AS - NOAA 15 - 198.77.177.0/24 15790 0.3% AS6629 -- NOAA-AS - NOAA 16 - 41.204.2.0/24 12442 0.3% AS32398 -- REALNET-ASN-1 17 - 212.85.223.0/24 11395 0.2% AS30306 -- AfOL-Sz-AS 18 - 212.85.220.0/24 11387 0.2% AS19711 -- SWAZI-NET AS30306 -- AfOL-Sz-AS 20 - 205.104.240.0/20 10674 0.2% AS5237 -- DODNIC - DoD Network Information Center AS5839 -- DDN-ASNBLK - DoD Network Information Center Details at http://bgpupdates.potaroo.net ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

1 0

The Cidr Report
by cidr-report＠potaroo.net 20 Mar '09

20 Mar '09

This report has been generated at Fri Mar 20 21:14:04 2009 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date Prefixes CIDR Agg 13-03-09 289939 180761 14-03-09 289873 180675 15-03-09 289989 180688 16-03-09 289977 180873 17-03-09 289990 180964 18-03-09 290318 180827 19-03-09 290375 181084 20-03-09 290412 181230 AS Summary 30948 Number of ASes in routing system 13129 Number of ASes announcing only one prefix 4324 Largest number of prefixes announced by an AS AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc. 89742336 Largest address span announced by an AS (/32s) AS27064: DDN-ASNBLK1 - DoD Network Information Center Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 20Mar09 --- ASnum NetsNow NetsAggr NetGain % Gain Description Table 290499 181251 109248 37.6% All ASes AS6389 4324 343 3981 92.1% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS4323 4244 1839 2405 56.7% TWTC - tw telecom holdings, inc. AS209 2916 1281 1635 56.1% ASN-QWEST - Qwest Communications Corporation AS4766 1818 527 1291 71.0% KIXS-AS-KR Korea Telecom AS17488 1530 330 1200 78.4% HATHWAY-NET-AP Hathway IP Over Cable Internet AS22773 1038 66 972 93.6% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS4755 1218 263 955 78.4% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS8452 1250 335 915 73.2% TEDATA TEDATA AS8151 1445 558 887 61.4% Uninet S.A. de C.V. AS1785 1732 888 844 48.7% AS-PAETEC-NET - PaeTec Communications, Inc. AS19262 969 250 719 74.2% VZGNI-TRANSIT - Verizon Internet Services Inc. AS11492 1194 525 669 56.0% CABLEONE - CABLE ONE, INC. AS7545 785 199 586 74.6% TPG-INTERNET-AP TPG Internet Pty Ltd AS6478 1295 736 559 43.2% ATT-INTERNET3 - AT&T WorldNet Services AS18101 755 201 554 73.4% RIL-IDC Reliance Infocom Ltd Internet Data Centre, AS3356 1175 646 529 45.0% LEVEL3 Level 3 Communications AS2706 544 26 518 95.2% HKSUPER-HK-AP Pacific Internet (Hong Kong) Limited AS22047 606 120 486 80.2% VTR BANDA ANCHA S.A. AS17908 601 125 476 79.2% TCISL Tata Communications AS4808 612 158 454 74.2% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS7018 1451 1017 434 29.9% ATT-INTERNET4 - AT&T WorldNet Services AS24560 678 250 428 63.1% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services AS9443 510 91 419 82.2% INTERNETPRIMUS-AS-AP Primus Telecommunications AS4804 476 63 413 86.8% MPX-AS Microplex PTY LTD AS17676 530 119 411 77.5% GIGAINFRA BB TECHNOLOGY Corp. AS4668 691 284 407 58.9% LGNET-AS-KR LG CNS AS4134 933 529 404 43.3% CHINANET-BACKBONE No.31,Jin-rong Street AS7011 953 553 400 42.0% FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc. AS10620 845 460 385 45.6% TV Cable S.A. AS6471 441 62 379 85.9% ENTEL CHILE S.A. Total 37559 12844 24715 65.8% Top 30 total Possible Bogus Routes 24.75.116.0/22 AS10796 SCRR-10796 - Road Runner HoldCo LLC 24.245.128.0/17 AS11492 CABLEONE - CABLE ONE, INC. 24.246.0.0/17 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 24.246.128.0/18 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 41.220.16.0/20 AS8668 TELONE-AS TelOne Zimbabwe P/L 41.223.112.0/22 AS5713 SAIX-NET 41.223.188.0/24 AS22351 INTELSAT Intelsat Global BGP Routing Policy 41.223.189.0/24 AS26452 BRING-AS - BringCom, Inc. 62.61.220.0/24 AS24974 TACHYON-EU Tachyon Europe BV - Wireless Broadband via Satellite 62.61.221.0/24 AS24974 TACHYON-EU Tachyon Europe BV - Wireless Broadband via Satellite 63.140.213.0/24 AS22555 UTC - Universal Talkware Corporation 63.143.251.0/24 AS22555 UTC - Universal Talkware Corporation 64.31.32.0/19 AS11955 SCRR-11955 - Road Runner HoldCo LLC 64.31.32.0/22 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.36.0/23 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.38.0/23 AS12262 RR-CINCINNATI-ASN-01 - Road Runner HoldCo LLC 64.31.40.0/23 AS12262 RR-CINCINNATI-ASN-01 - Road Runner HoldCo LLC 64.31.42.0/23 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.44.0/23 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.46.0/24 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.48.0/22 AS11060 NEO-RR-COM - Road Runner HoldCo LLC 64.31.53.0/24 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.55.0/24 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.59.0/24 AS7017 SCRR-7015 - Road Runner HoldCo LLC 64.31.60.0/24 AS7017 SCRR-7015 - Road Runner HoldCo LLC 64.64.159.0/24 AS32004 BIG-ASN - Business Information Group, Inc. 64.73.192.0/19 AS11247 IBSINC - Internet Business Services, Inc. 64.79.88.0/24 AS26096 LODDEN - Lodden Services 64.79.89.0/24 AS26096 LODDEN - Lodden Services 64.147.64.0/19 AS40156 THEOPT-HOU - The Optimal Link Corporation 64.186.0.0/19 AS6371 AMERICATEL - Americatel Corporation 64.186.6.0/24 AS6371 AMERICATEL - Americatel Corporation 66.11.32.0/20 AS6261 VISINET - Visionary Systems, Inc. 66.11.40.0/21 AS6261 VISINET - Visionary Systems, Inc. 66.54.91.0/24 AS30506 BLACKSUN-1 - Blacksun Technologies LLC 66.55.160.0/19 AS29994 66.180.239.0/24 AS35888 VIGNETTE - VIGNETTE CORPORATION 66.206.32.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.33.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.34.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.35.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.40.0/22 AS174 COGENT Cogent/PSI 66.206.44.0/23 AS174 COGENT Cogent/PSI 66.206.47.0/24 AS17557 PKTELECOM-AS-AP Pakistan Telecom 66.207.32.0/20 AS23011 66.245.176.0/20 AS19318 NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC 69.71.192.0/20 AS13818 PHX-INTL-TELEPORT - Phoenix International Teleport 69.80.0.0/17 AS3043 AMPHIB-AS - Amphibian Media Corporation 80.88.0.0/21 AS33774 DJAWEB 80.88.8.0/22 AS33774 DJAWEB 80.88.10.0/24 AS33774 DJAWEB 80.88.12.0/24 AS33779 wataniya-telecom-as 95.215.184.0/22 AS39056 ANOXIN PB Anoxin 98.96.0.0/13 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 109.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 109.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 109.1.24.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 121.46.0.0/16 AS4134 CHINANET-BACKBONE No.31,Jin-rong Street 121.50.168.0/21 AS9931 CAT-AP The Communication Authoity of Thailand, CAT 122.128.120.0/22 AS38456 PACTEL-AS-AP Pacific Teleports. 137.0.0.0/13 AS27064 DDN-ASNBLK1 - DoD Network Information Center 163.142.0.0/16 AS2500 WIDE-BB WIDE Project 172.7.0.0/24 AS28175 172.10.1.0/30 AS18305 POSNET POSDATA Co.,Ltd 178.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 178.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 178.1.24.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 192.9.0.0/16 AS11479 BRM-SUN-AS - Sun Microsystems, Inc 192.9.200.0/24 AS3602 AS3602-RTI - Rogers Telecom Inc. 192.64.85.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.107.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.108.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.177.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.70.164.0/24 AS25689 NRCNET-AS - National Research Council of Canada 192.96.37.0/24 AS10474 NETACTIVE 192.96.135.0/24 AS2018 TENET-1 192.96.136.0/23 AS2018 TENET-1 192.96.141.0/24 AS2018 TENET-1 192.96.143.0/24 AS2018 TENET-1 192.96.145.0/24 AS2018 TENET-1 192.96.177.0/24 AS6083 POSIX-AFRICA 192.101.45.0/24 AS2905 TICSA-ASN 192.101.46.0/24 AS6503 Avantel, S.A. 192.101.64.0/21 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.70.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.71.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.72.0/24 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.74.0/24 AS1239 SPRINTLINK - Sprint 192.124.248.0/23 AS680 DFN-IP service G-WiN 192.124.252.0/22 AS680 DFN-IP service G-WiN 192.131.233.0/24 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 192.133.6.0/24 AS10282 ORANGE-BUSINESS-SERVICES-CEEUR Orange Business Services (formerly Equant) AS for CEEUR 192.153.144.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 192.154.32.0/19 AS81 NCREN - MCNC 192.188.208.0/20 AS27064 DDN-ASNBLK1 - DoD Network Information Center 196.6.108.0/24 AS5713 SAIX-NET 196.10.119.0/24 AS2018 TENET-1 196.10.122.0/23 AS2018 TENET-1 196.10.251.0/24 AS2018 TENET-1 196.10.252.0/23 AS2018 TENET-1 196.10.254.0/24 AS2018 TENET-1 196.13.101.0/24 AS2018 TENET-1 196.13.102.0/23 AS2018 TENET-1 196.13.104.0/24 AS2018 TENET-1 196.13.121.0/24 AS2018 TENET-1 196.13.125.0/24 AS2018 TENET-1 196.13.126.0/24 AS2018 TENET-1 196.13.169.0/24 AS2018 TENET-1 196.13.174.0/23 AS2018 TENET-1 196.13.176.0/21 AS2018 TENET-1 196.13.192.0/22 AS2018 TENET-1 196.13.196.0/24 AS2018 TENET-1 196.32.96.0/20 AS6453 GLOBEINTERNET TATA Communications 196.202.224.0/21 AS8818 TELE Greenland Autonomous System 198.1.2.0/24 AS4761 INDOSAT-INP-AP INDOSAT Internet Network Provider 198.23.26.0/24 AS4390 BELLATLANTIC-COM - Bell Atlantic, Inc. 198.54.82.0/24 AS2018 TENET-1 198.54.92.0/24 AS2018 TENET-1 198.54.222.0/24 AS2018 TENET-1 198.97.72.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 198.97.96.0/19 AS27064 DDN-ASNBLK1 - DoD Network Information Center 198.97.240.0/20 AS27064 DDN-ASNBLK1 - DoD Network Information Center 198.161.87.0/24 AS6539 GT-BELL - Bell Canada 198.167.0.0/16 AS7456 INTERHOP - Interhop Network SERVICES Inc. 198.168.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 198.169.0.0/16 AS803 SASKTEL - Saskatchewan Telecommunications 198.180.198.0/24 AS23715 SEOUL-INTGW-GXS-AP Global Exchange Services 199.10.0.0/16 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.114.0.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.114.128.0/18 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.114.130.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.131.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.132.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.134.0/24 AS3541 ITSDN-U4 - DoD Network Information Center 199.114.136.0/24 AS27044 DDN-ASNBLK1 - DoD Network Information Center 199.114.138.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.140.0/24 AS3544 ITSDN-U7 - DoD Network Information Center 199.114.142.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.144.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.148.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.150.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.152.0/24 AS27033 DDN-ASNBLK1 - DoD Network Information Center 199.114.153.0/24 AS27034 DDN-ASNBLK1 - DoD Network Information Center 199.114.154.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.114.156.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.114.160.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.121.0.0/16 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.123.0.0/18 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.123.16.0/20 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.123.80.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.189.32.0/19 AS7332 IQUEST-AS - IQuest Internet 199.202.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 199.202.216.0/21 AS577 BACOM - Bell Canada 199.246.116.0/24 AS813 UUNET-CANADA - MCI Communications Services, Inc. d/b/a Verizon Business 202.6.176.0/20 AS24316 202.58.113.0/24 AS19161 INNOCOM-TELECOM - INNOCOM TELECOM 202.72.40.0/24 AS38205 202.72.41.0/24 AS38205 202.73.144.0/20 AS4788 TMNET-AS-AP TM Net, Internet Service Provider 202.80.192.0/20 AS2706 HKSUPER-HK-AP Pacific Internet (Hong Kong) Limited 202.86.252.0/22 AS4748 RESOLINK-AS-AP Resources Link Network Limited 202.86.252.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.253.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.254.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.255.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.94.1.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.94.70.0/24 AS9837 POWERTEL-AP Powertel Ltd 202.122.120.0/21 AS17494 BTTB-AS-AP Telecom Operator & Internet Service Provider as well 202.124.195.0/24 AS17557 PKTELECOM-AS-AP Pakistan Telecom 202.133.70.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.133.73.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.136.254.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.136.255.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.140.160.0/24 AS4841 202.140.161.0/24 AS4841 202.140.162.0/24 AS4841 202.140.163.0/24 AS4841 202.140.164.0/24 AS4841 202.140.165.0/24 AS4841 202.140.166.0/24 AS4841 202.140.167.0/24 AS4841 202.140.168.0/24 AS4841 202.140.169.0/24 AS4841 202.140.170.0/24 AS4841 202.140.171.0/24 AS4841 202.140.172.0/24 AS4841 202.140.173.0/24 AS4841 202.140.174.0/24 AS4841 202.140.175.0/24 AS4841 202.140.180.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.140.181.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.140.182.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.150.227.0/24 AS17727 NAPINFO-AS-AP PT. NAP Info Lintas Nusa 202.181.32.0/24 AS4645 ASN-HKNET-AP HKNet Co. Ltd 203.12.45.0/24 AS4854 NETSPACE-AS-AP Netspace Online Systems 203.62.0.0/17 AS7575 AARNET-AS-AP Australian Academic and Reasearch Network (AARNet) 203.78.48.0/20 AS9299 IPG-AS-AP Philippine Long Distance Telephone Company 203.89.139.0/24 AS17911 BRAINPK-AS-AP Brain Telecommunication Ltd. 203.111.192.0/20 AS7473 SINGTEL-AS-AP Singapore Telecommunications Ltd 203.112.111.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.113.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.114.0/24 AS4802 ASN-IINET iiNet Limited 203.112.116.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.117.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.118.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.119.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.120.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.121.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.127.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.128.128.0/19 AS4134 CHINANET-BACKBONE No.31,Jin-rong Street 203.128.128.0/24 AS23849 CNNIC-NET263-AP Beijing Capital-online science development Co.,Ltd. 203.152.154.0/23 AS9583 SIFY-AS-IN Sify Limited 204.9.216.0/23 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 204.9.217.0/24 AS4323 TWTC - tw telecom holdings, inc. 204.9.218.0/23 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 204.13.140.0/22 AS7270 NET2PHONE - Net2Phone Corp. 204.16.120.0/23 AS12077 204.16.122.0/23 AS12077 204.19.14.0/23 AS577 BACOM - Bell Canada 205.150.0.0/15 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 205.189.134.0/24 AS11814 CYBERSURF - Cybersurf Inc. 205.210.145.0/24 AS11814 CYBERSURF - Cybersurf Inc. 206.180.240.0/20 AS12083 KNOLOGY-NET - Knology Holdings 207.174.0.0/16 AS13790 INTERNAP-BLK3 - Internap Network Services Corporation 207.174.130.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.131.0/24 AS30715 NETRACK - Netrack, Inc. 207.174.132.0/23 AS30715 NETRACK - Netrack, Inc. 207.174.137.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.138.0/23 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.140.0/22 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.151.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.152.0/22 AS30715 NETRACK - Netrack, Inc. 207.174.157.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.158.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.173.0/24 AS16618 AS-HFS-CAVION - Harland Financial Solutions, Inc. 207.174.175.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.177.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.178.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.182.0/24 AS29831 FONENET - FONE NET, LLC 207.174.188.0/22 AS30715 NETRACK - Netrack, Inc. 207.174.192.0/24 AS29831 FONENET - FONE NET, LLC 207.174.200.0/24 AS22658 EARTHNET - Earthnet, Inc. 207.174.201.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.202.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.210.0/23 AS16618 AS-HFS-CAVION - Harland Financial Solutions, Inc. 207.174.211.0/24 AS16618 AS-HFS-CAVION - Harland Financial Solutions, Inc. 207.174.248.0/21 AS6653 PRIVATEI - privateI, LLC 207.204.168.0/24 AS15150 BELLTECH-AS - BELLWETHER TECHNOLOGY CORPORATION 207.204.222.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 207.231.96.0/19 AS11194 NUNETPA - NuNet Inc. 209.54.93.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 209.54.111.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 209.54.123.0/24 AS6062 NETPLEX - NETPLEX 209.54.240.0/21 AS10887 BPSI-AS - BPSI Internet Services 209.74.96.0/19 AS10912 INTERNAP-BLK - Internap Network Services Corporation 209.140.90.0/24 AS14461 NTSL - NET SOLUTIONS 209.140.224.0/21 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.234.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.235.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.236.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.237.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.238.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.239.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.141.16.0/21 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.141.48.0/22 AS14461 NTSL - NET SOLUTIONS 209.145.192.0/18 AS3043 AMPHIB-AS - Amphibian Media Corporation 209.222.5.0/24 AS26699 PSI-CT - Printing For Systems Inc 209.222.6.0/24 AS26699 PSI-CT - Printing For Systems Inc 209.236.64.0/19 AS7911 LVLT-7911 - Level 3 Communications, Inc. 209.236.96.0/19 AS7911 LVLT-7911 - Level 3 Communications, Inc. 210.5.128.0/20 AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone 216.37.114.0/23 AS3549 GBLX Global Crossing Ltd. 216.37.120.0/23 AS13377 216.99.16.0/24 AS6395 LVLT-6395 - Level 3 Communications, Inc. 216.99.20.0/24 AS6395 LVLT-6395 - Level 3 Communications, Inc. 216.172.198.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.172.199.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.210.86.0/24 AS577 BACOM - Bell Canada 216.240.240.0/24 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 216.240.241.0/24 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 216.240.242.0/24 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 216.251.207.0/24 AS1239 SPRINTLINK - Sprint 217.78.71.0/24 AS12491 IPPLANET-AS IPPlanet 217.78.72.0/24 AS12491 IPPLANET-AS IPPlanet 217.78.73.0/24 AS12491 IPPLANET-AS IPPlanet Please see http://www.cidr-report.org for the full report ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

1 0

HITB2009 - Dubai: Conference Agenda & Noteworthy Presentations
by Praburaajan Selvarajan 14 Mar '09

14 Mar '09

The agenda for HITBSecConf2009 - Dubai is now online along with details on both the conference keynote sessions. There are still another 4 more weeks to grab your seats to the GCC's premier network security event! Keynote 1 - Philippe Langlois (Founder, Qualys / Intrinsec / TSTF) "From Hacking, Startups to HackLabs: Global Perspective and New Fields" Keynote 2 - Mark Curphey (Director CISG, Microsoft Corp) "Security Cogs and Levers" Other noteworthy papers: # Cross Domain Leakiness: Divulging Sensitive Information and Attacking SSL Sessions - Chris Evans and Billy Rios # VBootKit 2.0 - Attacking Windows 7 via Boot Sectors - Vipin & Nitin Kumar # The Reverse Engineering Intermediate Language REIL and its Applications - Sebastian Porst # Pickpocketing mWallets: A Guide to Looting Mobile Financial Services - The Grugq # Psychotronica: Exposure, Control, and Deceit - Nitesh Dhanjani # NKill - The Internet Killboard - Anthony 'kugutsumen' Zboralski This is a new tool which gives attackers the ability to discover interesting relationships between seemingly unrelated hosts and companies and to pull vulnerable hosts for a specific domain, company or even an entire country! === Conference Agenda: http://conference.hackinthebox.org/hitbsecconf2009dubai/agenda.htm === On a related note, the conference videos from HITB2007 Malaysia that were previously available only through Bit Torrent are now available for streaming direct from Google Video: http://video.google.com/videosearch?q=HITBSecConf2007&emb=0&aq=f#q=HITBSecC…

1 0

HITB2009 - Dubai: Conference Agenda & Noteworthy Presentations
by Praburaajan Selvarajan 14 Mar '09

14 Mar '09

1 0

Weekly Routing Table Report
by Routing Analysis Role Account 13 Mar '09

13 Mar '09

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-stats(a)lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith <pfs(a)cisco.com>. Routing Table Report 04:00 +10GMT Sat 14 Mar, 2009 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary ---------------- BGP routing table entries examined: 282891 Prefixes after maximum aggregation: 134061 Deaggregation factor: 2.11 Unique aggregates announced to Internet: 138798 Total ASes present in the Internet Routing Table: 30808 Prefixes per ASN: 9.18 Origin-only ASes present in the Internet Routing Table: 26818 Origin ASes announcing only one prefix: 13049 Transit ASes present in the Internet Routing Table: 3990 Transit-only ASes present in the Internet Routing Table: 89 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 25 Max AS path prepend of ASN (18678) 21 Prefixes from unregistered ASNs in the Routing Table: 500 Unregistered ASNs in the Routing Table: 168 Number of 32-bit ASNs allocated by the RIRs: 128 Prefixes from 32-bit ASNs in the Routing Table: 19 Special use prefixes present in the Routing Table: 0 Prefixes being announced from unallocated address space: 237 Number of addresses announced to Internet: 2015333504 Equivalent to 120 /8s, 31 /16s and 140 /24s Percentage of available address space announced: 54.4 Percentage of allocated address space announced: 63.6 Percentage of available address space allocated: 85.5 Percentage of address space in use by end-sites: 76.0 Total number of prefixes smaller than registry allocations: 139285 APNIC Region Analysis Summary ----------------------------- Prefixes being announced by APNIC Region ASes: 65455 Total APNIC prefixes after maximum aggregation: 23364 APNIC Deaggregation factor: 2.80 Prefixes being announced from the APNIC address blocks: 62237 Unique aggregates announced from the APNIC address blocks: 28362 APNIC Region origin ASes present in the Internet Routing Table: 3567 APNIC Prefixes per ASN: 17.45 APNIC Region origin ASes announcing only one prefix: 966 APNIC Region transit ASes present in the Internet Routing Table: 545 Average APNIC Region AS path length visible: 3.5 Max APNIC Region AS path length visible: 19 Number of APNIC addresses announced to Internet: 404953248 Equivalent to 24 /8s, 35 /16s and 24 /24s Percentage of available APNIC address space announced: 80.5 APNIC AS Blocks 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 APNIC Address Blocks 58/8, 59/8, 60/8, 61/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, ARIN Region Analysis Summary ---------------------------- Prefixes being announced by ARIN Region ASes: 124056 Total ARIN prefixes after maximum aggregation: 65410 ARIN Deaggregation factor: 1.90 Prefixes being announced from the ARIN address blocks: 93499 Unique aggregates announced from the ARIN address blocks: 36106 ARIN Region origin ASes present in the Internet Routing Table: 12836 ARIN Prefixes per ASN: 7.28 ARIN Region origin ASes announcing only one prefix: 4935 ARIN Region transit ASes present in the Internet Routing Table: 1235 Average ARIN Region AS path length visible: 3.3 Max ARIN Region AS path length visible: 20 Number of ARIN addresses announced to Internet: 419494464 Equivalent to 25 /8s, 0 /16s and 250 /24s Percentage of available ARIN address space announced: 80.7 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791 35840-36863, 39936-40959, 46080-47103 ARIN Address Blocks 24/8, 63/8, 64/8, 65/8, 66/8, 67/8, 68/8, 69/8, 70/8, 71/8, 72/8, 73/8, 74/8, 75/8, 76/8, 96/8, 97/8, 98/8, 99/8, 108/8, 173/8, 174/8, 184/8, 199/8, 204/8, 205/8, 206/8, 207/8, 208/8, 209/8, 216/8, RIPE Region Analysis Summary ---------------------------- Prefixes being announced by RIPE Region ASes: 64709 Total RIPE prefixes after maximum aggregation: 37715 RIPE Deaggregation factor: 1.72 Prefixes being announced from the RIPE address blocks: 59322 Unique aggregates announced from the RIPE address blocks: 39468 RIPE Region origin ASes present in the Internet Routing Table: 12799 RIPE Prefixes per ASN: 4.63 RIPE Region origin ASes announcing only one prefix: 6723 RIPE Region transit ASes present in the Internet Routing Table: 1937 Average RIPE Region AS path length visible: 4.0 Max RIPE Region AS path length visible: 25 Number of RIPE addresses announced to Internet: 390950176 Equivalent to 23 /8s, 77 /16s and 109 /24s Percentage of available RIPE address space announced: 83.2 RIPE AS Blocks 1877-1901, 2043, 2047, 2107-2136, 2585-2614 (pre-ERX allocations) 2773-2822, 2830-2879, 3154-3353, 5377-5631 6656-6911, 8192-9215, 12288-13311, 15360-16383 20480-21503, 24576-25599, 28672-29695 30720-31743, 33792-35839, 38912-39935 40960-45055, 47104-52223 RIPE Address Blocks 62/8, 77/8, 78/8, 79/8, 80/8, 81/8, 82/8, 83/8, 84/8, 85/8, 86/8, 87/8, 88/8, 89/8, 90/8, 91/8, 92/8, 93/8, 94/8, 95/8, 109/8, 178/8, 193/8, 194/8, 195/8, 212/8, 213/8, 217/8, LACNIC Region Analysis Summary ------------------------------ Prefixes being announced by LACNIC Region ASes: 23426 Total LACNIC prefixes after maximum aggregation: 5806 LACNIC Deaggregation factor: 4.03 Prefixes being announced from the LACNIC address blocks: 21599 Unique aggregates announced from the LACNIC address blocks: 11767 LACNIC Region origin ASes present in the Internet Routing Table: 1076 LACNIC Prefixes per ASN: 20.07 LACNIC Region origin ASes announcing only one prefix: 339 LACNIC Region transit ASes present in the Internet Routing Table: 176 Average LACNIC Region AS path length visible: 4.0 Max LACNIC Region AS path length visible: 25 Number of LACNIC addresses announced to Internet: 61343488 Equivalent to 3 /8s, 168 /16s and 7 /24s Percentage of available LACNIC address space announced: 60.9 LACNIC AS Blocks 26592-26623, 27648-28671, 52224-53247 plus ERX transfers LACNIC Address Blocks 186/8, 187/8, 189/8, 190/8, 200/8, 201/8, AfriNIC Region Analysis Summary ------------------------------- Prefixes being announced by AfriNIC Region ASes: 4777 Total AfriNIC prefixes after maximum aggregation: 1383 AfriNIC Deaggregation factor: 3.45 Prefixes being announced from the AfriNIC address blocks: 4481 Unique aggregates announced from the AfriNIC address blocks: 1338 AfriNIC Region origin ASes present in the Internet Routing Table: 285 AfriNIC Prefixes per ASN: 15.72 AfriNIC Region origin ASes announcing only one prefix: 86 AfriNIC Region transit ASes present in the Internet Routing Table: 55 Average AfriNIC Region AS path length visible: 3.9 Max AfriNIC Region AS path length visible: 15 Number of AfriNIC addresses announced to Internet: 10136064 Equivalent to 0 /8s, 154 /16s and 170 /24s Percentage of available AfriNIC address space announced: 30.2 AfriNIC AS Blocks 36864-37887 & ERX transfers AfriNIC Address Blocks 41/8, 197/8, APNIC Region per AS prefix count summary ---------------------------------------- ASN No of nets /20 equiv MaxAgg Description 4766 1690 6929 396 Korea Telecom (KIX) 17488 1529 119 97 Hathway IP Over Cable Interne 4755 1216 431 179 TATA Communications formerly 9583 1092 86 528 Sify Limited 4134 927 16271 367 CHINANET-BACKBONE 18101 753 198 30 Reliance Infocom Ltd Internet 7545 744 159 104 TPG Internet Pty Ltd 9498 689 297 49 BHARTI BT INTERNET LTD. 24560 675 228 175 Bharti Airtel Ltd. 9829 637 490 21 BSNL National Internet Backbo Complete listing at http://thyme.apnic.net/current/data-ASnet-APNIC ARIN Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 4322 3670 338 bellsouth.net, inc. 209 2846 4149 624 Qwest 4323 1795 1065 374 Time Warner Telecom 1785 1733 717 139 PaeTec Communications, Inc. 20115 1587 1430 719 Charter Communications 7018 1451 5880 1013 AT&T WorldNet Services 6478 1287 296 514 AT&T Worldnet Services 2386 1265 682 899 AT&T Data Communications Serv 11492 1194 192 12 Cable One 3356 1172 10976 443 Level 3 Communications, LLC Complete listing at http://thyme.apnic.net/current/data-ASnet-ARIN RIPE Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 8452 1238 188 7 TEDATA 30890 447 87 201 SC Kappa Invexim SRL 3292 443 1762 389 TDC Tele Danmark 12479 403 578 6 Uni2 Autonomous System 3320 352 7081 295 Deutsche Telekom AG 3301 343 1685 308 TeliaNet Sweden 8866 337 109 22 Bulgarian Telecommunication C 3215 335 2985 109 France Telecom Transpac 29049 322 26 3 AzerSat LLC. 8551 313 288 40 Bezeq International Complete listing at http://thyme.apnic.net/current/data-ASnet-RIPE LACNIC Region per AS prefix count summary ----------------------------------------- ASN No of nets /20 equiv MaxAgg Description 8151 1444 2831 233 UniNet S.A. de C.V. 10620 826 187 99 TVCABLE BOGOTA 22047 600 302 14 VTR PUNTO NET S.A. 11830 520 294 51 Instituto Costarricense de El 7303 518 260 80 Telecom Argentina Stet-France 16814 491 31 10 NSS, S.A. 6471 440 95 32 ENTEL CHILE S.A. 11172 408 102 73 Servicios Alestra S.A de C.V 7738 397 794 28 Telecomunicacoes da Bahia S.A 28573 384 514 24 NET Servicos de Comunicao S.A Complete listing at http://thyme.apnic.net/current/data-ASnet-LACNIC AfriNIC Region per AS prefix count summary ------------------------------------------ ASN No of nets /20 equiv MaxAgg Description 24863 808 75 27 LINKdotNET AS number 20858 292 34 3 This AS will be used to conne 3741 271 842 231 The Internet Solution 2018 241 215 141 Tertiary Education Network 6713 159 150 15 Itissalat Al-MAGHRIB 33783 150 10 8 EEPAD TISP TELECOM & INTERNET 29571 131 15 8 Ci Telecom Autonomous system 5536 123 8 9 Internet Egypt Network 33776 118 6 3 Starcomms Nigeria Limited 5713 116 507 66 Telkom SA Ltd Complete listing at http://thyme.apnic.net/current/data-ASnet-AFRINIC Global Per AS prefix count summary ---------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 4322 3670 338 bellsouth.net, inc. 209 2846 4149 624 Qwest 4323 1795 1065 374 Time Warner Telecom 1785 1733 717 139 PaeTec Communications, Inc. 4766 1690 6929 396 Korea Telecom (KIX) 20115 1587 1430 719 Charter Communications 17488 1529 119 97 Hathway IP Over Cable Interne 7018 1451 5880 1013 AT&T WorldNet Services 8151 1444 2831 233 UniNet S.A. de C.V. 6478 1287 296 514 AT&T Worldnet Services Complete listing at http://thyme.apnic.net/current/data-ASnet Global Per AS Maximum Aggr summary ---------------------------------- ASN No of nets Net Savings Description 209 2846 2222 Qwest 1785 1733 1594 PaeTec Communications, Inc. 17488 1529 1432 Hathway IP Over Cable Interne 4323 1795 1421 Time Warner Telecom 4766 1690 1294 Korea Telecom (KIX) 8452 1238 1231 TEDATA 8151 1444 1211 UniNet S.A. de C.V. 11492 1194 1182 Cable One 18566 1061 1051 Covad Communications 4755 1216 1037 TATA Communications formerly Complete listing at http://thyme.apnic.net/current/data-CIDRnet List of Unregistered Origin ASNs (Global) ----------------------------------------- Bad AS Designation Network Transit AS Description 16927 UNALLOCATED 12.0.252.0/23 7018 AT&T WorldNet Servic 15132 UNALLOCATED 12.9.150.0/24 7018 AT&T WorldNet Servic 32567 UNALLOCATED 12.14.170.0/24 7018 AT&T WorldNet Servic 13746 UNALLOCATED 12.24.56.0/24 7018 AT&T WorldNet Servic 32567 UNALLOCATED 12.25.107.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.152.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.154.0/23 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.159.0/24 7018 AT&T WorldNet Servic 32326 UNALLOCATED 12.40.49.0/24 7018 AT&T WorldNet Servic 25639 UNALLOCATED 12.41.169.0/24 7018 AT&T WorldNet Servic Complete listing at http://thyme.apnic.net/current/data-badAS Advertised Unallocated Addresses -------------------------------- Network Origin AS Description 24.75.116.0/22 10796 ServiceCo LLC - Road Runner 24.75.160.0/19 7843 Adelphia Corp. 24.246.0.0/17 7018 AT&T WorldNet Services 24.246.128.0/18 7018 AT&T WorldNet Services 41.220.16.0/20 8668 TelOne Zimbabwe P/L 41.223.112.0/22 5713 Telkom SA Ltd 41.223.188.0/24 22351 Intelsat 41.223.189.0/24 26452 Local Communications Networks 62.61.220.0/24 24974 Tachyon Europe BV - Wireless 62.61.221.0/24 24974 Tachyon Europe BV - Wireless Complete listing at http://thyme.apnic.net/current/data-add-IANA Number of prefixes announced per prefix length (Global) ------------------------------------------------------- /1:0 /2:0 /3:0 /4:0 /5:0 /6:0 /7:0 /8:19 /9:10 /10:20 /11:55 /12:163 /13:320 /14:576 /15:1132 /16:10354 /17:4622 /18:7971 /19:17011 /20:20057 /21:19757 /22:25245 /23:25252 /24:148046 /25:698 /26:867 /27:545 /28:118 /29:37 /30:9 /31:0 /32:7 Advertised prefixes smaller than registry allocations ----------------------------------------------------- ASN No of nets Total ann. Description 6389 2804 4322 bellsouth.net, inc. 209 1574 2846 Qwest 4766 1394 1690 Korea Telecom (KIX) 17488 1300 1529 Hathway IP Over Cable Interne 8452 1217 1238 TEDATA 11492 1149 1194 Cable One 1785 1139 1733 PaeTec Communications, Inc. 18566 1042 1061 Covad Communications 2386 960 1265 AT&T Data Communications Serv 9583 944 1092 Sify Limited Complete listing at http://thyme.apnic.net/current/data/sXXas-nos Number of /24s announced per /8 block (Global) ---------------------------------------------- 4:13 8:171 12:2199 13:2 15:19 16:3 17:4 20:36 24:1123 32:51 38:547 40:97 41:1969 43:1 44:2 47:21 52:3 55:2 56:3 57:25 58:534 59:623 60:460 61:1103 62:1113 63:2012 64:3554 65:2421 66:3554 67:1494 68:672 69:2506 70:508 71:163 72:1665 73:2 74:1431 75:204 76:312 77:825 78:566 79:299 80:963 81:819 82:558 83:420 84:591 85:1015 86:395 87:634 88:351 89:1494 90:44 91:2049 92:273 93:1092 94:1189 95:766 96:98 97:177 98:228 99:16 109:1 110:8 112:81 113:88 114:213 115:232 116:1130 117:496 118:285 119:644 120:133 121:704 122:969 123:558 124:955 125:1285 128:220 129:225 130:135 131:410 132:74 133:9 134:183 135:39 136:236 137:144 138:146 139:78 140:415 141:105 142:390 143:329 144:331 145:41 146:373 147:148 148:512 149:237 150:142 151:201 152:151 153:135 154:11 155:267 156:167 157:295 158:131 159:234 160:281 161:137 162:270 163:145 164:518 165:517 166:274 167:357 168:666 169:162 170:478 171:39 172:10 173:241 174:145 178:1 186:10 187:46 188:7 189:314 190:2697 192:5813 193:4217 194:3321 195:2696 196:1057 198:3722 199:3306 200:5485 201:1356 202:7854 203:8069 204:3776 205:2157 206:2356 207:2807 208:3876 209:3455 210:2629 211:1116 212:1514 213:1703 214:69 215:25 216:4554 217:1264 218:365 219:408 220:1207 221:460 222:314 End of report

1 0

BGP Update Report
by cidr-report＠potaroo.net 13 Mar '09

13 Mar '09

BGP Update Report Interval: 09-Feb-09 -to- 12-Mar-09 (32 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS9583 340993 7.2% 296.8 -- SIFY-AS-IN Sify Limited 2 - AS3130 89740 1.9% 690.3 -- RGNET-3130 RGnet/PSGnet 3 - AS6629 48665 1.0% 748.7 -- NOAA-AS - NOAA 4 - AS35805 42241 0.9% 139.0 -- UTG-AS United Telecom AS 5 - AS7643 38671 0.8% 34.9 -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT) 6 - AS30890 35698 0.8% 79.9 -- EVOLVA Evolva Telecom 7 - AS17974 35138 0.7% 69.4 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia 8 - AS5056 33187 0.7% 286.1 -- INS-NET-2 - Iowa Network Services 9 - AS6458 30871 0.7% 85.5 -- Telgua 10 - AS30306 29280 0.6% 7320.0 -- AfOL-Sz-AS 11 - AS17488 27622 0.6% 16.8 -- HATHWAY-NET-AP Hathway IP Over Cable Internet 12 - AS4771 27137 0.6% 102.0 -- NZTELECOM Netgate 13 - AS29372 25369 0.5% 281.9 -- SFR-NETWORK SFR 14 - AS5050 24198 0.5% 1728.4 -- PSC-EXT - Pittsburgh Supercomputing Center 15 - AS27757 23122 0.5% 189.5 -- ANDINATEL S.A. 16 - AS9829 22760 0.5% 35.6 -- BSNL-NIB National Internet Backbone 17 - AS4648 22122 0.5% 107.9 -- NZIX-2 Netgate 18 - AS8103 19727 0.4% 32.8 -- STATE-OF-FLA - Florida Department of Management Services - Technology Program 19 - AS30969 19371 0.4% 2421.4 -- TAN-NET TransAfrica Networks 20 - AS20115 19086 0.4% 11.6 -- CHARTER-NET-HKY-NC - Charter Communications TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASN Upds % Upds/Pfx AS-Name 1 - AS30306 29280 0.6% 7320.0 -- AfOL-Sz-AS 2 - AS19017 5390 0.1% 5390.0 -- QUALCOMM-QWBS-LV - Qualcomm, Inc. 3 - AS30287 4700 0.1% 4700.0 -- ALON-USA - ALON USA, LP 4 - AS12500 12162 0.3% 4054.0 -- RCS-AS RCS Autonomus System 5 - AS41343 5895 0.1% 2947.5 -- TRIUNFOTEL-ASN TRIUNFOTEL 6 - AS28194 5460 0.1% 2730.0 -- 7 - AS30969 19371 0.4% 2421.4 -- TAN-NET TransAfrica Networks 8 - AS8755 2070 0.0% 2070.0 -- CITYLINESPB-AS CityLine-SPb Autonomous System 9 - AS48144 1882 0.0% 1882.0 -- NETWORKTECH Network Technology 10 - AS5050 24198 0.5% 1728.4 -- PSC-EXT - Pittsburgh Supercomputing Center 11 - AS35335 1627 0.0% 1627.0 -- ESSTU-AS East-Siberian State Technological University AS 12 - AS35410 9009 0.2% 1501.5 -- RU-LVS-AS LVS AS Number 13 - AS32398 11438 0.2% 1429.8 -- REALNET-ASN-1 14 - AS46328 10964 0.2% 1218.2 -- PTCNEBRASKA - PIERCE TELEPHONE COMPANY, INCORPORATED 15 - AS39107 2249 0.1% 1124.5 -- INTERLAN-AS Asociatia Interlan 16 - AS41382 1038 0.0% 1038.0 -- TELEPORT-AS Teleport LLC Network AS 17 - AS46781 916 0.0% 916.0 -- ASN1 - White Nile Group, Inc. 18 - AS19634 896 0.0% 896.0 -- HGL-22-ASN - Heidenreich GP, LLC 19 - AS46653 2601 0.1% 867.0 -- FREDRIKSON---BYRON - Fredrikson & Byron, P.A. 20 - AS29224 1676 0.0% 838.0 -- HELLMANN Hellmann Worldwide Logistics GmbH & Co KG TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 221.134.32.0/24 32037 0.6% AS9583 -- SIFY-AS-IN Sify Limited 2 - 210.214.177.0/24 27706 0.5% AS9583 -- SIFY-AS-IN Sify Limited 3 - 221.135.105.0/24 27697 0.5% AS9583 -- SIFY-AS-IN Sify Limited 4 - 210.214.184.0/24 27562 0.5% AS9583 -- SIFY-AS-IN Sify Limited 5 - 210.214.232.0/24 27525 0.5% AS9583 -- SIFY-AS-IN Sify Limited 6 - 210.214.132.0/24 27428 0.5% AS9583 -- SIFY-AS-IN Sify Limited 7 - 210.214.156.0/24 27408 0.5% AS9583 -- SIFY-AS-IN Sify Limited 8 - 210.214.222.0/24 27343 0.5% AS9583 -- SIFY-AS-IN Sify Limited 9 - 210.214.146.0/24 27261 0.5% AS9583 -- SIFY-AS-IN Sify Limited 10 - 210.214.117.0/24 26981 0.5% AS9583 -- SIFY-AS-IN Sify Limited 11 - 210.210.127.0/24 26875 0.5% AS9583 -- SIFY-AS-IN Sify Limited 12 - 72.23.246.0/24 24056 0.5% AS5050 -- PSC-EXT - Pittsburgh Supercomputing Center 13 - 192.35.129.0/24 16266 0.3% AS6629 -- NOAA-AS - NOAA 14 - 192.102.88.0/24 16109 0.3% AS6629 -- NOAA-AS - NOAA 15 - 198.77.177.0/24 16028 0.3% AS6629 -- NOAA-AS - NOAA 16 - 212.85.223.0/24 14248 0.3% AS30306 -- AfOL-Sz-AS 17 - 212.85.220.0/24 14236 0.3% AS19711 -- SWAZI-NET AS30306 -- AfOL-Sz-AS 18 - 190.152.100.0/24 12940 0.2% AS27757 -- ANDINATEL S.A. 19 - 41.204.2.0/24 11173 0.2% AS32398 -- REALNET-ASN-1 20 - 222.255.51.64/26 11063 0.2% AS7643 -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT) Details at http://bgpupdates.potaroo.net ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

1 0

The Cidr Report
by cidr-report＠potaroo.net 13 Mar '09

13 Mar '09

This report has been generated at Fri Mar 13 21:13:26 2009 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date Prefixes CIDR Agg 06-03-09 288940 180094 07-03-09 289342 180309 08-03-09 289456 180310 09-03-09 289455 180230 10-03-09 289539 180436 11-03-09 289739 180492 12-03-09 289542 180833 13-03-09 289939 180722 AS Summary 30907 Number of ASes in routing system 13132 Number of ASes announcing only one prefix 4321 Largest number of prefixes announced by an AS AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc. 89808640 Largest address span announced by an AS (/32s) AS27064: DDN-ASNBLK1 - DoD Network Information Center Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 13Mar09 --- ASnum NetsNow NetsAggr NetGain % Gain Description Table 289860 180735 109125 37.6% All ASes AS6389 4321 350 3971 91.9% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS4323 4243 1833 2410 56.8% TWTC - tw telecom holdings, inc. AS209 2842 1263 1579 55.6% ASN-QWEST - Qwest Communications Corporation AS4766 1815 529 1286 70.9% KIXS-AS-KR Korea Telecom AS17488 1529 326 1203 78.7% HATHWAY-NET-AP Hathway IP Over Cable Internet AS22773 1033 66 967 93.6% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS4755 1217 261 956 78.6% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS8452 1238 326 912 73.7% TEDATA TEDATA AS1785 1733 837 896 51.7% AS-PAETEC-NET - PaeTec Communications, Inc. AS8151 1442 628 814 56.4% Uninet S.A. de C.V. AS11492 1194 481 713 59.7% CABLEONE - CABLE ONE, INC. AS19262 959 248 711 74.1% VZGNI-TRANSIT - Verizon Internet Services Inc. AS7545 764 197 567 74.2% TPG-INTERNET-AP TPG Internet Pty Ltd AS6478 1287 727 560 43.5% ATT-INTERNET3 - AT&T WorldNet Services AS18101 753 195 558 74.1% RIL-IDC Reliance Infocom Ltd Internet Data Centre, AS3356 1172 616 556 47.4% LEVEL3 Level 3 Communications AS2706 544 26 518 95.2% HKSUPER-HK-AP Pacific Internet (Hong Kong) Limited AS22047 596 115 481 80.7% VTR BANDA ANCHA S.A. AS17908 601 122 479 79.7% TCISL Tata Communications AS4808 607 157 450 74.1% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS7018 1449 1014 435 30.0% ATT-INTERNET4 - AT&T WorldNet Services AS24560 675 243 432 64.0% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services AS4134 927 506 421 45.4% CHINANET-BACKBONE No.31,Jin-rong Street AS9443 509 90 419 82.3% INTERNETPRIMUS-AS-AP Primus Telecommunications AS10620 827 415 412 49.8% TV Cable S.A. AS17676 530 119 411 77.5% GIGAINFRA BB TECHNOLOGY Corp. AS4668 691 284 407 58.9% LGNET-AS-KR LG CNS AS7011 953 552 401 42.1% FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc. AS6471 440 62 378 85.9% ENTEL CHILE S.A. AS16814 491 130 361 73.5% NSS S.A. Total 37382 12718 24664 66.0% Top 30 total Possible Bogus Routes 24.75.116.0/22 AS10796 SCRR-10796 - Road Runner HoldCo LLC 24.75.160.0/19 AS7843 ADELPHIA-AS - Road Runner HoldCo LLC 24.245.128.0/17 AS11492 CABLEONE - CABLE ONE, INC. 24.246.0.0/17 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 24.246.128.0/18 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 41.220.16.0/20 AS8668 TELONE-AS TelOne Zimbabwe P/L 41.223.112.0/22 AS5713 SAIX-NET 41.223.188.0/24 AS22351 INTELSAT Intelsat Global BGP Routing Policy 41.223.189.0/24 AS26452 BRING-AS - BringCom, Inc. 62.61.220.0/24 AS24974 TACHYON-EU Tachyon Europe BV - Wireless Broadband via Satellite 62.61.221.0/24 AS24974 TACHYON-EU Tachyon Europe BV - Wireless Broadband via Satellite 63.140.213.0/24 AS22555 UTC - Universal Talkware Corporation 63.143.251.0/24 AS22555 UTC - Universal Talkware Corporation 64.31.32.0/19 AS11955 SCRR-11955 - Road Runner HoldCo LLC 64.31.32.0/22 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.36.0/23 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.38.0/23 AS12262 RR-CINCINNATI-ASN-01 - Road Runner HoldCo LLC 64.31.40.0/23 AS12262 RR-CINCINNATI-ASN-01 - Road Runner HoldCo LLC 64.31.42.0/23 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.44.0/23 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.46.0/24 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.48.0/22 AS11060 NEO-RR-COM - Road Runner HoldCo LLC 64.31.53.0/24 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.55.0/24 AS10796 SCRR-10796 - Road Runner HoldCo LLC 64.31.59.0/24 AS7017 SCRR-7015 - Road Runner HoldCo LLC 64.31.60.0/24 AS7017 SCRR-7015 - Road Runner HoldCo LLC 64.64.159.0/24 AS32004 BIG-ASN - Business Information Group, Inc. 64.73.192.0/19 AS11247 IBSINC - Internet Business Services, Inc. 64.79.88.0/24 AS26096 LODDEN - Lodden Services 64.79.89.0/24 AS26096 LODDEN - Lodden Services 64.147.64.0/19 AS40156 THEOPT-HOU - The Optimal Link Corporation 66.11.32.0/20 AS6261 VISINET - Visionary Systems, Inc. 66.11.40.0/21 AS6261 VISINET - Visionary Systems, Inc. 66.54.91.0/24 AS30506 BLACKSUN-1 - Blacksun Technologies LLC 66.55.160.0/19 AS29994 66.180.239.0/24 AS35888 VIGNETTE - VIGNETTE CORPORATION 66.206.32.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.33.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.34.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.35.0/24 AS17787 PSEB-AS-PK Pakistan Software Export Board 66.206.40.0/22 AS174 COGENT Cogent/PSI 66.206.44.0/23 AS174 COGENT Cogent/PSI 66.206.47.0/24 AS17557 PKTELECOM-AS-AP Pakistan Telecom 66.207.32.0/20 AS23011 66.245.176.0/20 AS19318 NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC 69.71.192.0/20 AS13818 PHX-INTL-TELEPORT - Phoenix International Teleport 69.80.0.0/17 AS3043 AMPHIB-AS - Amphibian Media Corporation 80.88.0.0/21 AS33774 DJAWEB 80.88.8.0/22 AS33774 DJAWEB 80.88.10.0/24 AS33774 DJAWEB 80.88.12.0/24 AS33779 wataniya-telecom-as 81.25.128.0/20 AS41589 VICUS-AS VICUS S.A. 95.130.160.0/21 AS12611 RKOM R-KOM Regensburger Telekommunikations GmbH & Co. KG 95.130.168.0/21 AS43260 DGN DGN Teknoloji 98.96.0.0/13 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 109.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 109.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 109.1.24.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 121.46.0.0/16 AS4134 CHINANET-BACKBONE No.31,Jin-rong Street 121.50.168.0/21 AS9931 CAT-AP The Communication Authoity of Thailand, CAT 122.128.120.0/22 AS38456 PACTEL-AS-AP Pacific Teleports. 137.0.0.0/13 AS27064 DDN-ASNBLK1 - DoD Network Information Center 163.142.0.0/16 AS2500 WIDE-BB WIDE Project 172.7.0.0/24 AS28175 172.10.1.0/30 AS18305 POSNET POSDATA Co.,Ltd 178.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 178.1.0.0/21 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 178.1.24.0/24 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project 192.9.0.0/16 AS11479 BRM-SUN-AS - Sun Microsystems, Inc 192.9.200.0/24 AS3602 AS3602-RTI - Rogers Telecom Inc. 192.64.85.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.107.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.108.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.69.177.0/24 AS1759 TSF-IP-CORE TeliaSonera Finland IP Network 192.70.164.0/24 AS25689 NRCNET-AS - National Research Council of Canada 192.96.36.0/24 AS5713 SAIX-NET 192.96.37.0/24 AS10474 NETACTIVE 192.96.135.0/24 AS2018 TENET-1 192.96.136.0/23 AS2018 TENET-1 192.96.141.0/24 AS2018 TENET-1 192.96.143.0/24 AS2018 TENET-1 192.96.145.0/24 AS2018 TENET-1 192.96.177.0/24 AS6083 POSIX-AFRICA 192.101.45.0/24 AS2905 TICSA-ASN 192.101.46.0/24 AS6503 Avantel, S.A. 192.101.64.0/21 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.70.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.71.0/24 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 192.101.72.0/24 AS702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe 192.101.74.0/24 AS1239 SPRINTLINK - Sprint 192.124.248.0/23 AS680 DFN-IP service G-WiN 192.124.252.0/22 AS680 DFN-IP service G-WiN 192.131.233.0/24 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 192.133.6.0/24 AS10282 ORANGE-BUSINESS-SERVICES-CEEUR Orange Business Services (formerly Equant) AS for CEEUR 192.153.144.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 192.154.32.0/19 AS81 NCREN - MCNC 192.188.208.0/20 AS27064 DDN-ASNBLK1 - DoD Network Information Center 196.6.108.0/24 AS5713 SAIX-NET 196.10.119.0/24 AS2018 TENET-1 196.10.122.0/23 AS2018 TENET-1 196.10.251.0/24 AS2018 TENET-1 196.10.252.0/23 AS2018 TENET-1 196.10.254.0/24 AS2018 TENET-1 196.13.101.0/24 AS2018 TENET-1 196.13.102.0/23 AS2018 TENET-1 196.13.104.0/24 AS2018 TENET-1 196.13.121.0/24 AS2018 TENET-1 196.13.125.0/24 AS2018 TENET-1 196.13.126.0/24 AS2018 TENET-1 196.13.169.0/24 AS2018 TENET-1 196.13.174.0/23 AS2018 TENET-1 196.13.176.0/21 AS2018 TENET-1 196.13.192.0/22 AS2018 TENET-1 196.13.196.0/24 AS2018 TENET-1 196.32.96.0/20 AS6453 GLOBEINTERNET TATA Communications 196.202.224.0/21 AS8818 TELE Greenland Autonomous System 198.1.2.0/24 AS4761 INDOSAT-INP-AP INDOSAT Internet Network Provider 198.23.26.0/24 AS4390 BELLATLANTIC-COM - Bell Atlantic, Inc. 198.54.82.0/24 AS2018 TENET-1 198.54.92.0/24 AS2018 TENET-1 198.54.222.0/24 AS2018 TENET-1 198.97.72.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 198.97.96.0/19 AS27064 DDN-ASNBLK1 - DoD Network Information Center 198.97.240.0/20 AS27064 DDN-ASNBLK1 - DoD Network Information Center 198.161.87.0/24 AS6539 GT-BELL - Bell Canada 198.167.0.0/16 AS7456 INTERHOP - Interhop Network SERVICES Inc. 198.168.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 198.169.0.0/16 AS803 SASKTEL - Saskatchewan Telecommunications 198.180.198.0/24 AS23715 SEOUL-INTGW-GXS-AP Global Exchange Services 199.10.0.0/16 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.103.2.0/24 AS22663 PROMINIC-NET-INC - Prominic.NET, Inc. 199.103.3.0/24 AS22663 PROMINIC-NET-INC - Prominic.NET, Inc. 199.103.4.0/24 AS22663 PROMINIC-NET-INC - Prominic.NET, Inc. 199.103.5.0/24 AS22663 PROMINIC-NET-INC - Prominic.NET, Inc. 199.103.6.0/23 AS22663 PROMINIC-NET-INC - Prominic.NET, Inc. 199.114.0.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.114.128.0/18 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.114.130.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.131.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.132.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.134.0/24 AS3541 ITSDN-U4 - DoD Network Information Center 199.114.136.0/24 AS27044 DDN-ASNBLK1 - DoD Network Information Center 199.114.138.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.140.0/24 AS3544 ITSDN-U7 - DoD Network Information Center 199.114.142.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.144.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.148.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.150.0/24 AS6045 DDN-ASNBLK - DoD Network Information Center 199.114.152.0/24 AS27033 DDN-ASNBLK1 - DoD Network Information Center 199.114.153.0/24 AS27034 DDN-ASNBLK1 - DoD Network Information Center 199.114.154.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.114.156.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.114.160.0/24 AS1733 CENTAF-SWA - 754th Electronic Systems Group 199.121.0.0/16 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.123.0.0/18 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.123.16.0/20 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.123.80.0/21 AS27064 DDN-ASNBLK1 - DoD Network Information Center 199.189.32.0/19 AS7332 IQUEST-AS - IQuest Internet 199.202.0.0/16 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 199.202.216.0/21 AS577 BACOM - Bell Canada 199.246.116.0/24 AS813 UUNET-CANADA - MCI Communications Services, Inc. d/b/a Verizon Business 202.6.176.0/20 AS24316 202.58.113.0/24 AS19161 INNOCOM-TELECOM - INNOCOM TELECOM 202.72.40.0/24 AS38205 202.72.41.0/24 AS38205 202.72.46.0/24 AS38205 202.72.47.0/24 AS38205 202.73.144.0/20 AS4788 TMNET-AS-AP TM Net, Internet Service Provider 202.80.192.0/20 AS2706 HKSUPER-HK-AP Pacific Internet (Hong Kong) Limited 202.86.252.0/22 AS4748 RESOLINK-AS-AP Resources Link Network Limited 202.86.252.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.253.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.254.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.86.255.0/24 AS9304 HUTCHISON-AS-AP Hutchison Global Communications 202.94.1.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.94.70.0/24 AS9837 POWERTEL-AP Powertel Ltd 202.122.120.0/21 AS17494 BTTB-AS-AP Telecom Operator & Internet Service Provider as well 202.124.195.0/24 AS17557 PKTELECOM-AS-AP Pakistan Telecom 202.133.70.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.133.73.0/24 AS38616 WORLDCALL-AS-KHI Worldcall Telecom Limited 202.136.254.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.136.255.0/24 AS4808 CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 202.140.160.0/24 AS4841 202.140.161.0/24 AS4841 202.140.162.0/24 AS4841 202.140.163.0/24 AS4841 202.140.164.0/24 AS4841 202.140.165.0/24 AS4841 202.140.166.0/24 AS4841 202.140.167.0/24 AS4841 202.140.168.0/24 AS4841 202.140.169.0/24 AS4841 202.140.170.0/24 AS4841 202.140.171.0/24 AS4841 202.140.172.0/24 AS4841 202.140.173.0/24 AS4841 202.140.174.0/24 AS4841 202.140.175.0/24 AS4841 202.140.180.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.140.181.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.140.182.0/24 AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange 202.150.227.0/24 AS17727 NAPINFO-AS-AP PT. NAP Info Lintas Nusa 202.181.32.0/24 AS4645 ASN-HKNET-AP HKNet Co. Ltd 203.12.45.0/24 AS4854 NETSPACE-AS-AP Netspace Online Systems 203.62.0.0/17 AS7575 AARNET-AS-AP Australian Academic and Reasearch Network (AARNet) 203.78.48.0/20 AS9299 IPG-AS-AP Philippine Long Distance Telephone Company 203.89.139.0/24 AS17911 BRAINPK-AS-AP Brain Telecommunication Ltd. 203.111.192.0/20 AS7473 SINGTEL-AS-AP Singapore Telecommunications Ltd 203.112.111.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.113.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.114.0/24 AS4802 ASN-IINET iiNet Limited 203.112.116.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.117.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.118.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.119.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.120.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.121.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.112.127.0/24 AS7474 OPTUSCOM-AS01-AU SingTel Optus Pty Ltd 203.128.128.0/19 AS4134 CHINANET-BACKBONE No.31,Jin-rong Street 203.128.128.0/24 AS23849 CNNIC-NET263-AP Beijing Capital-online science development Co.,Ltd. 203.152.154.0/23 AS9583 SIFY-AS-IN Sify Limited 204.9.216.0/23 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 204.9.217.0/24 AS4323 TWTC - tw telecom holdings, inc. 204.9.218.0/23 AS6389 BELLSOUTH-NET-BLK - BellSouth.net Inc. 204.13.140.0/22 AS7270 NET2PHONE - Net2Phone Corp. 204.16.120.0/23 AS12077 204.16.122.0/23 AS12077 204.19.14.0/23 AS577 BACOM - Bell Canada 205.150.0.0/15 AS701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 205.189.134.0/24 AS11814 CYBERSURF - Cybersurf Inc. 205.210.145.0/24 AS11814 CYBERSURF - Cybersurf Inc. 206.180.240.0/20 AS12083 KNOLOGY-NET - Knology Holdings 207.174.0.0/16 AS13790 INTERNAP-BLK3 - Internap Network Services Corporation 207.174.130.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.131.0/24 AS30715 NETRACK - Netrack, Inc. 207.174.132.0/23 AS30715 NETRACK - Netrack, Inc. 207.174.137.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.138.0/23 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.140.0/22 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.151.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.152.0/22 AS30715 NETRACK - Netrack, Inc. 207.174.157.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.158.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.173.0/24 AS16618 AS-HFS-CAVION - Harland Financial Solutions, Inc. 207.174.175.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.177.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.178.0/24 AS11500 PEAKPEAK - Peak to Peak Internet 207.174.182.0/24 AS29831 FONENET - FONE NET, LLC 207.174.188.0/22 AS30715 NETRACK - Netrack, Inc. 207.174.192.0/24 AS29831 FONENET - FONE NET, LLC 207.174.200.0/24 AS22658 EARTHNET - Earthnet, Inc. 207.174.201.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.202.0/24 AS13345 ROCKYNET-COM - Rockynet.com, Inc 207.174.210.0/23 AS16618 AS-HFS-CAVION - Harland Financial Solutions, Inc. 207.174.211.0/24 AS16618 AS-HFS-CAVION - Harland Financial Solutions, Inc. 207.174.248.0/21 AS6653 PRIVATEI - privateI, LLC 207.204.168.0/24 AS15150 BELLTECH-AS - BELLWETHER TECHNOLOGY CORPORATION 207.204.222.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 207.231.96.0/19 AS11194 NUNETPA - NuNet Inc. 209.54.93.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 209.54.111.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 209.54.123.0/24 AS6062 NETPLEX - NETPLEX 209.54.240.0/21 AS10887 BPSI-AS - BPSI Internet Services 209.74.96.0/19 AS10912 INTERNAP-BLK - Internap Network Services Corporation 209.140.90.0/24 AS14461 NTSL - NET SOLUTIONS 209.140.224.0/21 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.234.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.235.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.236.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.237.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.238.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.140.239.0/24 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.141.16.0/21 AS10573 WEBNEXUS - WebNexus Communications Inc. 209.141.48.0/22 AS14461 NTSL - NET SOLUTIONS 209.145.192.0/18 AS3043 AMPHIB-AS - Amphibian Media Corporation 209.222.5.0/24 AS26699 PSI-CT - Printing For Systems Inc 209.222.6.0/24 AS26699 PSI-CT - Printing For Systems Inc 209.236.64.0/19 AS7911 LVLT-7911 - Level 3 Communications, Inc. 209.236.96.0/19 AS7911 LVLT-7911 - Level 3 Communications, Inc. 210.5.128.0/20 AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone 216.37.114.0/23 AS3549 GBLX Global Crossing Ltd. 216.37.120.0/23 AS13377 216.99.16.0/24 AS6395 LVLT-6395 - Level 3 Communications, Inc. 216.99.20.0/24 AS6395 LVLT-6395 - Level 3 Communications, Inc. 216.172.198.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.172.199.0/24 AS22773 ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 216.210.86.0/24 AS577 BACOM - Bell Canada 216.240.240.0/24 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 216.240.241.0/24 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 216.240.242.0/24 AS7018 ATT-INTERNET4 - AT&T WorldNet Services 216.251.207.0/24 AS1239 SPRINTLINK - Sprint 217.78.71.0/24 AS12491 IPPLANET-AS IPPlanet 217.78.72.0/24 AS12491 IPPLANET-AS IPPlanet 217.78.73.0/24 AS12491 IPPLANET-AS IPPlanet Please see http://www.cidr-report.org for the full report ------------------------------------ Copies of this report are mailed to: nanog(a)merit.edu eof-list(a)ripe.net apops(a)apops.net routing-wg(a)ripe.net afnog(a)afnog.org

1 0

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

apops March 2009