[59811] in North American Network Operators' Group
Re: Cisco vulnerability and dangerous filtering techniques
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Jul 22 11:21:00 2003
To: jgraun@comcast.net
Cc: Adam Maloney <adamm@sihope.com>, nanog@merit.edu
In-Reply-To: Your message of "Tue, 22 Jul 2003 14:58:22 -0000."
<20030722145822.B8DBF5DE16@segue.merit.edu>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 22 Jul 2003 11:19:20 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1118289728P
Content-Type: text/plain; charset=us-ascii
On Tue, 22 Jul 2003 14:58:22 -0000, jgraun@comcast.net said:
> That is a bit paranoid, but it could happen. I have not seen anybody do
> anything that intelligent in the past couple of years. Not to say that there
> arent people out there that couldn't do that but I think many have thought of
> using one exploit to expose another, DDoS is the closest I have seen on any of
> my honeypots.
Not paranoid enough. :)
Not only *could* it happen, it almost certainly *is* happening.
Remember that in general, only the ankle-biter black hats get caught, just like
the police catch mostly the stupid crooks.
My co-worker Randy Marchany has been doing talks for *years* saying why
firewalls by themselves don't work - he'll ask the audience how many run firewalls,
and a lot will raise their hands... then he'll ask if they pass port 25 and/or 80, and a
lot of hands remain raised.. then he'll ask if *anybody* behind the firewall is running
an unpatched Outlook or IE... and a lot of hands remain raised, with very worried looks
as the implications sink in....
--==_Exmh_1118289728P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE/HVX3cC3lWbTT17ARAscJAJ48mtoPqxQG/lqGLUEA4dpSdc8WIwCdGZx+
9rSYMNYSSZ8NZL3Y2xtFuRw=
=o5q7
-----END PGP SIGNATURE-----
--==_Exmh_1118289728P--
