
North American Network Operators Group
Re: Cisco IOS Exploit Cover Up
- From: Janet Sullivan
- Date: Fri Jul 29 15:46:17 2005

Scott Morris wrote:
> And quite honestly, we can probably be pretty safe in assuming they will not
> be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other
> exploits) or SSH (even other exploits) on that box. :) (the 1601 or the
> 2500's)

If a worm writer wanted to cause chaos, they wouldn't target 2500s, but
7200s, 7600s, GSRs, etc.

The way I see it, all that's needed is two major exploits, one known by
Cisco, one not.

Exploit #1 will be made public. Cisco will release fixed code. Good
service providers will upgrade.

The upgraded code version will be the one targeted by the second,
unknown, exploit.

A two-part worm can infect Windows boxen via any common method, and then
use them to try the exploit against routers. A Windows box can find
routers to attack easily enough by doing traceroutes to various sites.
Then, the Windows boxen can try a limited set of exploit variants on
each router. Not all routers will be affected, but some will.

As for what the worm could do - well, it could report home to the worm
creators that "Hey, you 0wn X number of routers", or it could do
something fun like erasing configs and locking out console ports. ;-)

Honestly, I've been expecting something like that to happen for years
now. <shrug>