Cisco vulnerability and dangerous filtering techniques

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jul 22 15:19:20 UTC 2003


On Tue, 22 Jul 2003 14:58:22 -0000, jgraun at comcast.net said:
> That is a bit paranoid, but it could happen.  I have not seen anybody do
> anything that intelligent in the past couple of years.  Not to say that there
> aren't people out there that couldn't do that but I think many have thought of
> using one exploit to expose another, DDoS is the closest I have seen on any of 
> my honeypots.

Not paranoid enough. :)

Not only *could* it happen, it almost certainly *is* happening.

Remember that in general, only the ankle-biter black hats get caught, just like
the police catch mostly the stupid crooks.

My co-worker Randy Marchany has been doing talks for *years* saying why
firewalls by themselves don't work - he'll ask the audience how many run firewalls,
and a lot will raise their hands... then he'll ask if they pass port 25 and/or 80, and a
lot of hands remain raised... then he'll ask if *anybody* behind the firewall is running
an unpatched Outlook or IE... and a lot of hands remain raised, with very worried looks
as the implications sink in....