Cisco vulnerability and dangerous filtering techniques
jgraun at comcast.net
Tue Jul 22 14:58:22 UTC 2003
That is a bit paranoid, but it could happen. I have not seen anybody do
anything that intelligent in the past couple of years. Not to say that there
aren't people out there that couldn't do that, but I think many have thought of
using one exploit to expose another; DDoS is the closest I have seen on any of
my honeypots. I have learned many things about what most people will try to
get into a box from the honeypots, but that is a good point. Filtering or
patching should take place on the edge and on the most critical spots on your
network.
Good Luck
>
> I had a passing thought over the weekend regarding Thursday's Cisco
> vulnerability and the recent Microsoft holes.
>
> The next worm taking advantage of the latest Windows' vulnerabilities is
> more or less inevitable. Someone somewhere has to be writing it. So why
> not include the Cisco exploit in the worm payload?
>
> Based on past history, there will be plenty of vulnerable Windows hosts to
> infect with the worm. I would also guess that there are lots of
> organizations and end-users that have Cisco devices that haven't patched
> their IOS. Furthermore, I wonder how many people have applied filtering
> only at their border? But packets from an infected host inside the
> network wouldn't be stopped by filtering applied only to the external
> side.
>
> Basically, if you're filtering access to your interface IPs rather than
> upgrading IOS, remember that the internet isn't the only source of danger
> to your network.
>
> Adam Maloney
> Systems Administrator
> Sihope Communications
>