North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco IOS Exploit Cover Up

  • From: Christopher L. Morrow
  • Date: Sat Jul 30 04:45:47 2005

On Fri, 29 Jul 2005, Stephen Fulton wrote:

> Petri Helenius wrote:
> > Fortunately destructive worms don't usually get too wide distribution
> > because they don't survive long.
> That assumes that the worm must "discover" exploitable hosts.  What if
> those hosts have already been identified through other means previously?
>     A nation, terrorist or criminal with the means could very well
> compile a relatively accurate database and use such a worm to attack
> specific targets, and those attacks need not be destructive/disruptive.

and why pray-tell would they bother with any of this complex 'remote
exploit' crap when they can send a stream of 3mbps at any cisco and crunch

as someone said before, the 'big deal' in the talk was: "Hey, IOS is just
like everyother OS, it has heap/stack overflows that you can smash and get
arbitrary code to run on."