[59802] in North American Network Operators' Group
Cisco vulnerability and dangerous filtering techniques
daemon@ATHENA.MIT.EDU (Adam Maloney)
Tue Jul 22 09:33:35 2003
Date: Tue, 22 Jul 2003 08:31:56 -0500 (CDT)
From: Adam Maloney <adamm@sihope.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu

I had a passing thought over the weekend regarding Thursday's Cisco
vulnerability and the recent Microsoft holes.

The next worm taking advantage of the latest Windows vulnerabilities is
more or less inevitable. Someone somewhere has to be writing it. So why
not include the Cisco exploit in the worm payload?

Based on past history, there will be plenty of vulnerable Windows hosts to
infect with the worm. I would also guess that there are lots of
organizations and end-users that have Cisco devices that haven't patched
their IOS. Furthermore, I wonder how many people have applied filtering
only at their border? But packets from an infected host inside the
network wouldn't be stopped by filtering applied only to the external
side.

Basically, if you're filtering access to your interface IPs rather than
upgrading IOS, remember that the internet isn't the only source of danger
to your network.

Adam Maloney
Systems Administrator
Sihope Communications
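
The coverage gap described in the message above can be checked mechanically. This Python audit is an added example, not part of the original post: it lists active, addressed interfaces that have no inbound access list. The sample configuration and the ACL name PROTECT-ROUTER are constructed for illustration, and the parser assumes IOS-style `ip access-group <name> in` stanzas.

```python
import re

# Constructed sample IOS-style configuration (not from the original post).
SAMPLE_CONFIG = """\
interface Serial0/0
 description upstream
 ip address 192.0.2.1 255.255.255.252
 ip access-group PROTECT-ROUTER in
!
interface FastEthernet0/0
 description customer LAN
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 shutdown
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
"""

def parse_interfaces(config):
    """Map interface name -> its address, inbound ACL name and shutdown state."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(
                header.group(1), {"address": None, "acl_in": None, "shutdown": False})
        elif not line.startswith(" "):
            current = None  # an unindented line ends the interface stanza
        elif current is not None:
            stmt = line.strip()
            addr = re.match(r"ip address (\S+) \S+", stmt)  # "no ip address" does not match
            acl = re.fullmatch(r"ip access-group (\S+) in", stmt)
            if addr:
                current["address"] = addr.group(1)
            elif acl:
                current["acl_in"] = acl.group(1)
            elif stmt == "shutdown":
                current["shutdown"] = True
    return interfaces

def unfiltered_interfaces(config):
    """Active, addressed interfaces with no inbound ACL. Loopbacks are skipped
    because traffic to them arrives through a physical interface."""
    return [name for name, i in parse_interfaces(config).items()
            if i["address"] and not i["shutdown"] and not i["acl_in"]
            and not name.lower().startswith("loopback")]

if __name__ == "__main__":
    print(unfiltered_interfaces(SAMPLE_CONFIG))
```

The check covers only whether an inbound list is attached to each interface; it does not inspect what the list permits or denies.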