Saying goodnight to my GSR

Saku Ytti saku at ytti.fi
Sat Sep 20 21:04:16 UTC 2014


On (2014-09-20 14:25 -0600), Keith Medcalf wrote:

> And what, exactly, is it vulnerable to?

Fair question. Felix Lindner has shown some ~0 budget attacks on IOS. But I'm
not sure if there actually are known attack vectors for a properly secured
system (iACL, rACL in this case).
Crash bugs are there probably, but those are likely in every release and some
motivation + lab time might yield a successful DoS attack on the platform, and
if you're L2 connected to a router, most are DoSable anyhow, regardless of
version.

Personally, I wouldn't be too worried about this. If I were, I wouldn't dare
to run any commercially or otherwise available networking operating system;
they all have a terrible history in terms of software reliability against
attacks.
But there appears to be no actual business case for security: if we look at
Fortune 500 companies who have been thoroughly pwned, it has not impacted their
market cap. Public sector, including military, are happy to buy 'audited'
network connections from commercial companies running commercial systems, which
all certainly are pwnable with an extremely modest budget, regardless of how new
a release they are running.

-- 
  ++ytti

