nanog mailing list archives
Synful Knock questions...
From: <eric-list () truenet com>
Date: Tue, 15 Sep 2015 14:15:48 -0400
I'm sure most have already seen the CVE from Cisco, and I was just reading through the documentation from FireEye: https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.htm l Question is that it looks to me like they are over-writing the ospf response for "show ip ospf timers lsa-group"? And if that's the case I'm guessing the router would need to have ospf enabled to be able to see the response? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222
Current thread:
- Synful Knock questions... eric-list (Sep 15)
- Re: Synful Knock questions... Michael Douglas (Sep 15)
- Re: Synful Knock questions... Ricky Beam (Sep 15)
- Re: Synful Knock questions... Jake Mertel (Sep 15)
- Re: Synful Knock questions... Michael Douglas (Sep 15)
- Re: Synful Knock questions... Jake Mertel (Sep 15)
- Re: Synful Knock questions... Valdis . Kletnieks (Sep 15)
- Re: Synful Knock questions... Jake Mertel (Sep 15)
- Re: Synful Knock questions... Michael Douglas (Sep 15)
- Re: Synful Knock questions... Jared Mauch (Sep 15)
- Re: Synful Knock questions... Michael Douglas (Sep 15)
- Re: Synful Knock questions... Marcin Cieslak (Sep 15)
- Re: Synful Knock questions... Stephen Satchell (Sep 15)