Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018


Alex Thornton


Written on: September 26, 2018

This article discusses a security vulnerability found in certain Cisco devices that are running Linux. The exploit is triggered by sending a mass of fragmented IPv4 or IPv6 packets to the affected device, causing a CPU overload and unresponsiveness from the system. The current workaround is handled on a case-by-case basis. The solution that Cisco recommends is to institute a rate-limiting measure that controls the flow of fragmented packets to the system. This article is pertinent to my degree because when working in networking it is always a good idea to be knowledgeable of vulnerabilities and to implement fixes once they are found. Also, Cisco specifically is important because it is an industry standard. It is also important to get familiar with sites that post these vulnerabilities, such as the Cisco Security Advisory and Alerts.
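To make the rate-limiting idea concrete, the sketch below recognizes IPv4 and IPv6 fragments from their headers and applies a token bucket to fragments only. It is an added example, not code from the Cisco advisory or from this post; the rate and burst values, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

def is_fragment(pkt: bytes) -> bool:
    """True if a raw IP packet (starting at the IP header) is a fragment."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4 and len(pkt) >= 20:
        # Bytes 6-7 hold 3 flag bits and the 13-bit fragment offset.
        flags_off = struct.unpack("!H", pkt[6:8])[0]
        return bool(flags_off & 0x2000) or (flags_off & 0x1FFF) != 0
    if version == 6 and len(pkt) >= 40:
        # Skip hop-by-hop (0), routing (43) and destination options (60)
        # headers to see whether a Fragment header (44) follows.
        nxt, off = pkt[6], 40
        while nxt in (0, 43, 60) and off + 2 <= len(pkt):
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        return nxt == 44
    return False

class FragmentLimiter:
    """Token bucket applied to fragments only; other traffic passes."""
    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst      # assumed values, tune per device
        self.tokens, self.last = float(burst), None

    def allow(self, pkt: bytes, now: float) -> bool:
        if not is_fragment(pkt):
            return True
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

# Constructed sample packets (placeholder addresses, zeroed payloads).
def ipv4(flags_off: int) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + bytes(8)

def ipv6(next_header: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

def simulate_burst(count: int = 100) -> int:
    """Feed `count` fragments in the same instant; return how many pass."""
    limiter = FragmentLimiter(rate=10, burst=5)
    return sum(limiter.allow(ipv4(0x2000), now=0.0) for _ in range(count))

if __name__ == "__main__":
    print(simulate_burst())
```

On a real device the same policy would be enforced in the packet filter or control-plane policing configuration rather than in application code.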

