[82973] in North American Network Operators' Group
RE: "Cisco gate" - Payload Versus Vector
daemon@ATHENA.MIT.EDU (Dan Hollis)
Tue Aug 2 18:29:33 2005
Date: Tue, 2 Aug 2005 15:29:05 -0700 (PDT)
From: Dan Hollis <goemon@anime.net>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Cc: Robert Guess <tcguesr@tcc.edu>
In-Reply-To: <17135.59792.728822.690060@roam.psg.com>
Errors-To: owner-nanog@merit.edu
On Tue, 2 Aug 2005, Randy Bush wrote:
> even without stiffling the heap check via crashing_already (i.e. a
> 'fix' is developed for that weakness), is the 30-60 second window
> sufficient to do serious operational damage. i.e. what could an
> attacker do with a code injection with a mean life as short as
> 15-30 seconds?
change the passwords and write to nvram, and come back later?
-Dan
