The Cisco ISR 4000 Series router must bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled.

From Cisco IOS XE Release 3 RTR Security Technical Implementation Guide

Part of SRG-NET-000019-RTR-000004

Associated with: CCI-001414

SV-88773r1_rule The Cisco ISR 4000 Series router must bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled.

Vulnerability discussion

Protocol Independent Multicast (PIM) is a routing protocol used to build multicast distribution trees for forwarding multicast traffic across the network infrastructure. Protocol Independent Multicast traffic must be limited to only known PIM neighbors by configuring and binding a PIM neighbor filter to those interfaces that have PIM enabled. If a PIM neighbor filter is not applied to those interfaces that have PIM enabled, an unauthorized routers can join the PIM domain and discover and use the rendezvous points, and also advertise their rendezvous points into the domain. This can result in a denial of service by traffic flooding or result in the unauthorized transfer of data.

Check content

Step 1: Verify that an ACL is configured that will specify the allowable PIM neighbors similar to the following example: ip access-list standard PIM-NEIGHBORS permit 192.0.2.1 permit 192.0.2.3 Step 2: Verify that a pim neighbor-filter command is configured on all PIM enabled interfaces that is referencing the PIM neighbor ACL similar to the following example: interface GigabitEthernet0/3 ip address 192.0.2.2 255.255.255.0 ip pim sparse-mode pim neighbor-filter PIM-NEIGHBORS If the Cisco ISR 4000 Series router has not been configured with PIM neighbor filter on all PIM-enabled interfaces, this is a finding.

Fix text

Configure the Cisco ISR 4000 Series router with PIM neighbor filters on all PIM-enabled interfaces as shown in the example below: ip access-list standard PIM-NEIGHBORS permit 192.0.2.1 permit 192.0.2.3 ... ... ... interface GigabitEthernet0/3 ip address 192.0.2.2 255.255.255.0 ip pim sparse-mode ip pim neighbor-filter PIM-NEIGHBORS

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer