Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fwd: Cisco crapaganda

  • From: Michael.Dillon
  • Date: Wed Aug 10 06:14:20 2005

> > What techniques are you referencing? The technique Lynn demonstrated 
> > has not been seen anywhere in the wild, as far as I know. He, nor 
> > ISS, ever made the source code available to anyone outside of Cisco, 
> > or ISS. What publication are you referring to?
> Didn't Lynn come out and say flat out that he'd found a lot of 
> on a Chinese website (with the implication that the website had even 
> information than what he presented)?

A black hat who is not Chinese has published some slides with
far more explicit step-by-step details of how to crack IOS using
the techniques that Lynn glossed over in his presentation. This
person also claims to have source code available on his website
for download but I didn't look to know for sure.

As for the Chinese connection, there is a fairly long document
circulating on the net from a couple of years back. It is translated
from Chinese and it is about modern techniques of information warfare.
I think a lot of people interested in network security are aware
that lots of Chinese hackers are at work out there and that
they are good at what they do. Since all blackhats tend to 
communicate with each other to share ideas and to brag about
their exploits, it is entirely possible that this Cisco
exploit began in China.

It is a nice myth to believe that a company like ISS does all
their own work in-house and that their employees are all super
gurus. But I would hope that most of you realize this is not
true. Companies like ISS leverage the work of blackhats just
like any hacker does. That's why I don't think gagging Lynn or
ISS or the Blackhat conference will have any positive effect
whatsoever. In fact, I would argue that this legal manouevering
has had a net negative effect because it has now been widely
published that Cisco exploits are possible. This means that 
many more hackers are now trying to craft their own exploits
and own Cisco routers.

Of course, in the end, Juniper is also vulnerable. Nortel is
vulnerable. Every manufacturer of routing/switching equipment
is vulnerable. Modern electronic devices are all built around 
embedded computers with complex software running on them. The
root of all these vulnerabilities is our inability to write
complex software that is free of bugs.

Now I believe that Open Source software techniques can solve
this root problem because many eyes can find more bugs.
This doesn't just mean *BSD and Linux. There are also
systems like OSKit
and RTAI that are more appropriate
for building things like routers.

--Michael Dillon

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.