[8758] in bugtraq

home help back first fref pref prev next nref lref last post

Re: your mail

daemon@ATHENA.MIT.EDU (Craig A. Huegen)
Mon Dec 21 23:13:05 1998

Date: 	Mon, 21 Dec 1998 14:00:40 -0800
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Craig A. Huegen" <chuegen@QUADRUNNER.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.95.981221130222.9711B-100000@arden.iss.net>; from
              X-Force on Mon, Dec 21, 1998 at 01:02:46PM -0500

It should be pointed out here that ICMP redirects are not the only
kinds of attacks which can be carried out against these devices.

Our wonderful denial of service friends land, nestea, nestea2, et al,
can wreak havoc on these devices as well.

Your best bet as a user of these devices is to impose very restrictive
filters, or insure that these systems are not vulnerable to all
of the attacks against IP stacks that have been discovered.

I made a joke in my talk at SANS '98 that when my toaster got attacked
by nestea, it burnt my toast.  We're not too far off from that. =)

/cah

On Mon, Dec 21, 1998 at 01:02:46PM -0500, X-Force wrote:
==>ISS Security Advisory
==>December 10, 1998
==>
==>ICMP Redirects Against Embedded Controllers

home help back first fref pref prev next nref lref last post