Cisco IOS Exploit Cover Up
Christopher L. Morrow
christopher.morrow at mci.com
Sat Jul 30 08:42:26 UTC 2005
On Fri, 29 Jul 2005, Stephen Fulton wrote:
>
> Petri Helenius wrote:
>
> > Fortunately destructive worms don't usually get too wide distribution
> > because they don't survive long.
>
> That assumes that the worm must "discover" exploitable hosts. What if
> those hosts have already been identified through other means previously?
> A nation, terrorist or criminal with the means could very well
> compile a relatively accurate database and use such a worm to attack
> specific targets, and those attacks need not be destructive/disruptive.
and why pray-tell would they bother with any of this complex 'remote
exploit' crap when they can send a stream of 3mbps at any cisco and crunch
it?
as someone said before, the 'big deal' in the talk was: "Hey, IOS is just
like everyother OS, it has heap/stack overflows that you can smash and get
arbitrary code to run on."
More information about the NANOG
mailing list