[82858] in North American Network Operators' Group
Re: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sat Jul 30 04:44:50 2005
Date: Sat, 30 Jul 2005 08:42:26 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <42EAC292.2080003@esoteric.ca>
To: Stephen Fulton <nanog@esoteric.ca>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Fri, 29 Jul 2005, Stephen Fulton wrote:
>
> Petri Helenius wrote:
>
> > Fortunately destructive worms don't usually get too wide distribution
> > because they don't survive long.
>
> That assumes that the worm must "discover" exploitable hosts. What if
> those hosts have already been identified through other means previously?
> A nation, terrorist or criminal with the means could very well
> compile a relatively accurate database and use such a worm to attack
> specific targets, and those attacks need not be destructive/disruptive.
and why pray-tell would they bother with any of this complex 'remote
exploit' crap when they can send a stream of 3mbps at any cisco and crunch
it?
as someone said before, the 'big deal' in the talk was: "Hey, IOS is just
like everyother OS, it has heap/stack overflows that you can smash and get
arbitrary code to run on."
