Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: CiSCO IOS 12.* source code stolen

  • From: Alexei Roudnev
  • Date: Sun May 16 20:31:48 2004

I should not be too aware of the possible usage of this source code for the
exploit development; Cisco have a very few
points, where it parse/process IP packets, and most of such points are
filtered out in most Cisco's.

Much more serious is _trade secrets_ issue. Of course, no one can take this
codes and use them on their equipment, or grab library and reuse it. But,
unfortunately, Cisco's codes should have many small tricks, smart design
solutions and so on, which makes IOS so efficient, and this things can be
reused by competitors (unfortunately for Cisco, only a few West countries
respect author's rights, in other people are free to purchase this source
codes from the hacker and use as much as they do want).

(Of course, this leak can result in a few more SNMP exploits - but it is
well known Issue /it is impossible to write out safe code for ASN.1 parser,
in real world/ - what's a surprise!).


----- Original Message ----- 
From: "Scott Call" <scall@devolution.com>
To: <nanog@merit.edu>
Sent: Sunday, May 16, 2004 1:02 AM
Subject: Re: CiSCO IOS 12.* source code stolen


>
> On Sun, 16 May 2004, Henry Linneweh wrote:
>
> >
> > You do not have to steal the code, you can buy a cisco
> > router from an equipment reseller and have all the
> > access you want.....
> >
>
> I wasn't aware you got a source license when you purchased Cisco gear. I
> need to have a talk with my reseller...
>
> smart-assitude aside, I do hope fallout is minimal and easily worked
> around.  Hopefully even the script kiddies and other black hats understand
> that undermining the infrasture of the 'net would make all of their DDOS
> and SPAM zombies unusable.
>
> -S
>
> -- 
> Scott Call Router Geek, ATGi, home of $6.95 Prime Rib
> I make the world a better place, I boycott Wal-Mart
> VoIP incoming: +1 360-382-1814
>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.