nanog mailing list archives
Re: Cisco IOS Exploit Cover Up
From: Janet Sullivan <ciscogeek () bgp4 net>
Date: Fri, 29 Jul 2005 12:44:28 -0700
Scott Morris wrote:
> And quite honestly, we can probably be pretty safe in assuming they will not be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other exploits) or SSH (even other exploits) on that box. :) (the 1601 or the 2500's)
If a worm writer wanted to cause chaos, they wouldn't target 2500s, but 7200s, 7600s, GSRs, etc.
The way I see it, all that's needed is two major exploits, one known by Cisco, one not.
Exploit #1 will be made public. Cisco will release fixed code. Good service providers will upgrade.
The upgraded code version will be the one targeted by the second, unknown, exploit.
A two-part worm can infect Windows boxen via any common method, and then use them to try the exploit against routers. A Windows box can find routers to attack easily enough by doing traceroutes to various sites. Then, the Windows boxen can try a limited set of exploit variants on each router. Not all routers will be affected, but some will.
As for what the worm could do - well, it could report home to the worm creators that "Hey, you 0wn X number of routers", or it could do something fun like erasing configs and locking out console ports. ;-)
Honestly, I've been expecting something like that to happen for years now. <shrug>