Dailydave mailing list archives
Re: Lynn / Cisco shellcode
From: Anthony Zboralski <anthony.zboralski () bellua com>
Date: Sat, 30 Jul 2005 08:54:17 +0700
On 29 Jul 2005, at 21:57, surreal () delusory org wrote:
Mike stated clearly and more than once that he didn't have access tosource. You can choose to believe whatever you want, and unfortunately,there's no record to refute all the BS out now.He mentioned that the source *had* been stolen twice in recent history,but he didn't have any source code. He also explained how you can
True, everyone and his dog has IOS 11 & 12 and PIX 4, 5 & 6 source code. IOS 11 was even released by a warez group...What's even funnier is the case of Huawei Technology with $2.4 billion in sales both within China:
Mark Chandler, Cisco's general counsel, said the main reason for the suit was the discovery that Huawei was using the same source code for the software powering its routers. The code, called IOS (internetwork operating system), is the crown jewel of Cisco's technology. "Over the past year we had more and more of a case," he says, citing such things as the identical command lines and user manuals between Cisco and Huawei products. "But several months ago we realized the source code was copied--that's when we began direct negotiation." Huawei officials were receptive to negotiations, he said, but never changed their practices.
Anyone has access to a Huawei router? I wonder if they had snmp support in them as the source for snmp has to be generated
from the MIBs with an unreleased snmp research tools.
google up instructions (in Chinese) on hooking a debugger to therouter, and how handy the 'dump memory' command is - he asked if anyone had legitimately used "dump memory" in their work and one (1) person inthe audience raised his hand.
this one? http://www.xfocus.net/articles/200307/583.html It is funny how the only mirrors left are in china :)http://www.google.com/search?hl=en&lr=&safe=off&client=safari&rls=en- us&q=ciscox+gdb&btnG=Search
My goal was to be able to hide specific interfaces on a router by toggling a flag in a memory. These notes were a bit lame; right after I left for Asia and forgot to bring the small cisco 1600 with me.
No IOS platform built on the M68k family uses versions of the CPU that have full MMU support. Hence there is no hardware support for write protecting the text segment of the IOS image. The system does checksum the text segment (every 30 seconds) and will crash if the checksum is
incorrect. However, finding the offending code is hard. mipsAt init time, the IOS programs the MMU of these processors to provide write protection of the text segment. If any code tries to write
into the code space, the system will crash with a segmentation violation.However the protection is not completely foolproof, although very good. The physical memory in which the code sits is mapped into other segments of the address space and is writable through those segments.
It's unfortunate that the talk has been censored out of existence. He had generally complimentary things to say about Cisco coders and ISS, and nothing you could walk away with and 0wn the internet without months of work *and* a time machine. Well, he touched on how Cisco is poised to lower the bar for future attackers by virtualizing the ... (memory error) so that all offsets will be identical across their hardware line; that doesn't bode well.If people could watch the video and see what he *actually* said and did,they'd chill. I gotta go stand in line in the heat now ;-) SurrealFrom: "Thor Larholm" <thor () pivx com>While Lynn worked at ISS he was doing a source code analysis forCisco.uh, no he didn't. where did you pull this idea from?From the press, from the rumour mill, from everybody who was actuallytalking about it.It made a lot of sense that Lynn would have done a source code analysisand thus simply have broken his NDA. I choose to believe this as itwould mean Cisco and ISS were not trying to silence security research, especially considering that the people attending the show did not talkabout any new vulnerabilities being disclosed, just OIS systeminternals. In other words, I'm giving you the benefit of doubt, trustingthat you simply handled the press situation badly.Cisco and ISS didn't talk about any specifics, but I would love to hearyou explain what actually happened. Or at least point us to copies of the lawsuit. We're all just curious about what could necessitate the need for silence. Regards Thor Larholm Senior Security Researcher PivX Solutions 23 Corporate Plaza #280 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Stock symbol: (PIVX.OB) Phone: +1 (949) 231-8496 PGP: 0x4207AEE9 B5AB D1A4 D4FD 5731 89D6 20CD 5BDB 3D99 4207 AEE9 PivX defines a new genre in Desktop Security: Proactive Threat Mitigation. <http://www.pivx.com/qwikfix> _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lynn / Cisco shellcode, (continued)
- Re: Lynn / Cisco shellcode Michael J Freeman (Jul 28)
- Re: Lynn / Cisco shellcode Pukhraj Singh (Jul 29)
- RE: Lynn / Cisco shellcode Todd Towles (Jul 28)
- RE: Lynn / Cisco shellcode Dowd, Mark (ISS Atlanta) (Jul 28)
- RE: Lynn / Cisco shellcode Dennis Cox (Jul 28)
- RE: Lynn / Cisco shellcode Dennis Cox (Jul 28)
- RE: Lynn / Cisco shellcode Michael J Freeman (Jul 28)
- RE: Lynn / Cisco shellcode Thor Larholm (Jul 29)
- RE: Lynn / Cisco shellcode surreal (Jul 29)
- Re: Lynn / Cisco shellcode Ron Guerin (Jul 29)
- Re: Lynn / Cisco shellcode Anthony Zboralski (Jul 29)
- Re: Lynn / Cisco shellcode Thor Larholm (Jul 29)
- RE: Lynn / Cisco shellcode surreal (Jul 29)
- Re: Lynn / Cisco shellcode Ejovi Nuwere (Jul 30)
- Re: Lynn / Cisco shellcode Ejovi Nuwere (Jul 30)
- Re: Lynn / Cisco shellcode Nicholas Cross (Aug 01)
- Re: Lynn / Cisco shellcode Ejovi Nuwere (Jul 30)