Re: Cisco IOS Exploit Cover Up

2005-07-30 Thread Suresh Ramasubramanian
On 30/07/05, Janet Sullivan [EMAIL PROTECTED] wrote: If a worm writer wanted to cause chaos, they wouldn't target 2500s, but 7200s, 7600s, GSRs, etc. That's like saying nobody will write windows trojans to infect tiny PCs, they'll go after big fat *nix servers with rootkits Something as

Re: Cisco IOS Exploit Cover Up

2005-07-30 Thread Christopher L. Morrow
On Fri, 29 Jul 2005, Stephen Fulton wrote: Petri Helenius wrote: Fortunately destructive worms don't usually get too wide distribution because they don't survive long. That assumes that the worm must discover exploitable hosts. What if those hosts have already been identified through

Re: Cisco IOS Exploit Cover Up

2005-07-30 Thread Petri Helenius
Stephen Fulton wrote: That assumes that the worm must discover exploitable hosts. What if those hosts have already been identified through other means previously? A nation, terrorist or criminal with the means could very well compile a relatively accurate database and use such a worm

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread John Forrister
On Fri, Jul 29, 2005 at 01:01:42AM +, Christopher L. Morrow wrote: could they be unpatched because no one has sent out a notice saying versions before X have known vulnerabilities. upgrade now to one of the following: ...? or... cause new IOS won't run on them. Indeed - Cisco's

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread David Barak
--- John Forrister [EMAIL PROTECTED] wrote: Indeed - Cisco's hardware, especially the older, smaller boxes, tended to be really solid once you got them running. I was just pondering a few minutes ago on how many 2500's I configured installed in 1996 1997 are still running today, on

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread Scott Whyte
On 7/29/05, David Barak [EMAIL PROTECTED] wrote: --- John Forrister [EMAIL PROTECTED] wrote: Indeed - Cisco's hardware, especially the older, smaller boxes, tended to be really solid once you got them running. I was just pondering a few minutes ago on how many 2500's I

RE: Cisco IOS Exploit Cover Up

2005-07-29 Thread Scott Morris
] On Behalf Of David Barak Sent: Friday, July 29, 2005 2:52 PM To: nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up --- John Forrister [EMAIL PROTECTED] wrote: Indeed - Cisco's hardware, especially the older, smaller boxes, tended to be really solid once you got them running. I was just

RE: Cisco IOS Exploit Cover Up

2005-07-29 Thread David Barak
--- Scott Morris [EMAIL PROTECTED] wrote: And quite honestly, we can probably be pretty safe in assuming they will not be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other exploits) or SSH (even other exploits) on that box. :) (the 1601 or the 2500's) Let's see

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread Janet Sullivan
Scott Morris wrote: And quite honestly, we can probably be pretty safe in assuming they will not be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other exploits) or SSH (even other exploits) on that box. :) (the 1601 or the 2500's) If a worm writer wanted to cause chaos,

RE: Cisco IOS Exploit Cover Up

2005-07-29 Thread Buhrmaster, Gary
Of Janet Sullivan Sent: Friday, July 29, 2005 12:44 PM To: [EMAIL PROTECTED]; nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up Scott Morris wrote: And quite honestly, we can probably be pretty safe in assuming they will not be running IPv6 (current exploit) or SNMP (older exploits

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread Petri Helenius
Sullivan Sent: Friday, July 29, 2005 12:44 PM To: [EMAIL PROTECTED]; nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up Scott Morris wrote: And quite honestly, we can probably be pretty safe in assuming they will not be running IPv6 (current exploit) or SNMP (older exploits

RE: Cisco IOS Exploit Cover Up

2005-07-29 Thread Guru (Gurumurthy) Yeleswarapu
streams generated by those that do. Guru -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janet Sullivan Sent: Friday, July 29, 2005 12:44 PM To: [EMAIL PROTECTED]; nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up Scott Morris wrote: And quite

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread Chris Adams
Once upon a time, Janet Sullivan [EMAIL PROTECTED] said: If a worm writer wanted to cause chaos, they wouldn't target 2500s, but 7200s, 7600s, GSRs, etc. Right. And if they wanted to cause chaos on computers, they'd ignore business desktops and home computers and target large server farms.

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread Valdis . Kletnieks
On Fri, 29 Jul 2005 17:26:45 CDT, Chris Adams said: Once upon a time, Janet Sullivan [EMAIL PROTECTED] said: If a worm writer wanted to cause chaos, they wouldn't target 2500s, but 7200s, 7600s, GSRs, etc. Right. And if they wanted to cause chaos on computers, they'd ignore business

Re: Cisco IOS Exploit Cover Up

2005-07-29 Thread Stephen Fulton
Petri Helenius wrote: Fortunately destructive worms don't usually get too wide distribution because they don't survive long. That assumes that the worm must discover exploitable hosts. What if those hosts have already been identified through other means previously? A nation, terrorist

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Hank Nussbacher
At 12:22 AM 28-07-05 -0400, Hannigan, Martin wrote: ..and of course: Cisco Denies Router Vulnerability Claims [snip] Of course. That's how a broken vuln system works. :-) The major flaw is that the vendor decides who gets to know about a vulnerability. Or 3com:

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Neil J. McRae
This is looking like a complete PR disaster for cisco. They would have been better off allowing the talk to take place, and actually fixing the holes rather than wasting money on a small army of razorblade-equipped censors. I couldn't disagree more. Cisco are trying to control the

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Florian Weimer
* Neil J. McRae: I couldn't disagree more. Cisco are trying to control the situation as best they can so that they can deploy the needed fixes before the $scriptkiddies start having their fun. It's no different to how any other vendor handles an exploit and I'm surprised to see network

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Leo Bicknell
In a message written on Thu, Jul 28, 2005 at 08:29:22AM +0100, Neil J. McRae wrote: I couldn't disagree more. Cisco are trying to control the situation as best they can so that they can deploy the needed fixes before the $scriptkiddies start having their fun. It's no different to how any other

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread James Baldwin
On Jul 28, 2005, at 3:29 AM, Neil J. McRae wrote: I couldn't disagree more. Cisco are trying to control the situation as best they can so that they can deploy the needed fixes before the $scriptkiddies start having their fun. It's no different to how any other vendor handles an exploit and I'm

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Jason Frisvold
On 7/27/05, Jeff Kell [EMAIL PROTECTED] wrote: Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html Jeff More fuel on the fire... Cisco and ISS are suing Lynn now...

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Eric Rescorla
James Baldwin [EMAIL PROTECTED] writes: On Jul 28, 2005, at 3:29 AM, Neil J. McRae wrote: I couldn't disagree more. Cisco are trying to control the situation as best they can so that they can deploy the needed fixes before the $scriptkiddies start having their fun. It's no different to how

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Scott Morris
. Is this the technical version of civil disobedience? Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Baldwin Sent: Thursday, July 28, 2005 9:24 AM To: Neil J.McRae Cc: nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up On Jul 28, 2005, at 3

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Brett Frankenberger
On Thu, Jul 28, 2005 at 07:03:31AM -0700, Eric Rescorla wrote: Can you or someone else who was there or has some details describe what the actual result is and what the fix was? Based on what I've been reading, it sounds like Lynn's result was a method for exploiting arbitrary new

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Leo Bicknell
In a message written on Thu, Jul 28, 2005 at 10:14:42AM -0400, Scott Morris wrote: And yet, look how much havoc was created there. It's always the potential stuff that scares people more. While I do think it's obnoxious to try to censor someone, on the other hand if they have proprietary

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Fergie (Paul Ferguson)
If I were to venture a guess (and it would be just that, a guess), I'd say that you're probably spot on. I wonder who's having more fun this week? The folks at Black Hat, or the folks in The Netherlands at the Politics of Psychedelic Research or perhaps the Fun and Mayhem with RFID sessions at

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Fergie (Paul Ferguson)
One thing that bugs me, though, is the quote that is credited to Lynn: [snip] I feel I had to do what's right for the country and the national infrastructure, he said. It has been confirmed that bad people are working on this (compromising IOS). The right thing to do here is to make sure that

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Florian Weimer
Lynn's statement would tend to make one believe that this is yet another example of a vulnerability that is awaiting an exploit, not one that has yet to be discovered -- a sort of Sword of Damocles, if you will... I think he's just pointing out that the risk assessments of many network

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Buhrmaster, Gary
available in video via the Washington Post web site tomorrow. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Network Fortius Sent: Wednesday, July 27, 2005 6:39 PM To: nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up I have been

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Christopher L. Morrow
On Thu, 28 Jul 2005, Leo Bicknell wrote: In a message written on Thu, Jul 28, 2005 at 08:29:22AM +0100, Neil J. McRae wrote: I couldn't disagree more. Cisco are trying to control the situation as best they can so that they can deploy the needed fixes before the $scriptkiddies start

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Geo.
I think he's just pointing out that the risk assessments of many network operators are way off. I think there is also a LOT concern about all the unpatched routers that remain unpatched simply because the admins don't feel like spending a week running the cisco gauntlet to get patches when you

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Buhrmaster, Gary
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Baldwin Sent: Thursday, July 28, 2005 10:36 AM To: [EMAIL PROTECTED] Cc: nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up Lynn developed this information based on publicly

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Jason Frisvold
On 7/28/05, Leo Bicknell [EMAIL PROTECTED] wrote: I am not a lawyer, and so under the current DMCA and other laws it may well be illegal to decompile code. I'm sure all the script kiddies and real hackers out there will be sure to obey the law.. This is the bit of the DMCA I have a huge issue

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Hyunseog Ryu
Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Baldwin Sent: Thursday, July 28, 2005 10:36 AM To: [EMAIL PROTECTED] Cc: nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up Lynn developed this information based on publicly available IOS images

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Stephen Sprunk
Thus spake James Baldwin [EMAIL PROTECTED] Moreover, the fix for this was already released and you have not been able to download a vulnerable version of the software for months however there was no indication from Cisco regarding the severity of the required upgrade. That is to say, they

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Dan Hollis
On Thu, 28 Jul 2005, Jason Frisvold wrote: On 7/27/05, Jeff Kell [EMAIL PROTECTED] wrote: Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html More fuel on the fire... Cisco and ISS are suing Lynn now...

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Randy Bush
I think there is also a LOT concern about all the unpatched routers that remain unpatched simply because the admins don't feel like spending a week running the cisco gauntlet to get patches when you don't have a support contract with cisco. It's like cisco doesn't want you to patch or they

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread John A. Kilpatrick
On Fri, 29 Jul 2005, Randy Bush wrote: could they be unpatched because no one has sent out a notice saying versions before X have known vulnerabilities. upgrade now to one of the following: ...? It's interesting...yes, I do make fun of my Windows brethren about their security problems, but

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread James Baldwin
I spoke with people with Lynn in Vegas and confirmed the following, if anyone is watching the AP wire or Forbes you'll see that Cisco, et al. and Lynn have settled the suit. http://www.forbes.com/business/feeds/ap/2005/07/28/ap2163964.html

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Randy Bush
I spoke with people with Lynn in Vegas and confirmed the following, if anyone is watching the AP wire or Forbes you'll see that Cisco, et al. and Lynn have settled the suit. i missed the part where we, the likely actual injured parties, learn to what we are vulnerable and how to protect

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread James Baldwin
On Jul 28, 2005, at 8:40 PM, Randy Bush wrote: I spoke with people with Lynn in Vegas and confirmed the following, if anyone is watching the AP wire or Forbes you'll see that Cisco, et al. and Lynn have settled the suit. i missed the part where we, the likely actual injured parties, learn to

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Christopher L. Morrow
On Fri, 29 Jul 2005, Randy Bush wrote: I think there is also a LOT concern about all the unpatched routers that remain unpatched simply because the admins don't feel like spending a week running the cisco gauntlet to get patches when you don't have a support contract with cisco. It's

RE: Cisco IOS Exploit Cover Up

2005-07-27 Thread Hannigan, Martin
For those who like to keep abreast of security issues, there are interesting developments happening at BlackHat with regards to Cisco IOS and its vulnerability to arbitrary code executions. I apologize for the article itself being brief and lean on technical details, but allow

Re: Cisco IOS Exploit Cover Up

2005-07-27 Thread James Baldwin
On Jul 27, 2005, at 1:26 PM, James Baldwin wrote: http://blogs.washingtonpost.com/securityfix/2005/07/mending_a_hole_.html Further information: http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=166403096

RE: Cisco IOS Exploit Cover Up

2005-07-27 Thread Fergie (Paul Ferguson)
For what it's worth, this story is running in the popular trade press: Cisco nixes conference session on hacking IOS router code http://www.networkworld.com/news/2005/072705-cisco-ios.html - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: For those who like to keep abreast of security

Re: Cisco IOS Exploit Cover Up

2005-07-27 Thread Andre Ludwig
Damn he sure did cause a shit storm AGAIN.. from the crn article it looks like they might have him pinned on an NDA violation.. (taking a shot in the dark) quote below. Cisco respects and encourages the work of independent research scientists; however, we follow an industry established

RE: Cisco IOS Exploit Cover Up

2005-07-27 Thread Fergie (Paul Ferguson)
...and Wired News is running this story: Cisco Security Hole a Whopper Excerpt: [snip] A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer

RE: Cisco IOS Exploit Cover Up

2005-07-27 Thread Fergie (Paul Ferguson)
..and of course: Cisco Denies Router Vulnerability Claims [snip] Cisco Systems is downplaying a news story that suggests new security flaws may have been discovered in some of its routers. [snip] http://www.varbusiness.com/components/weblogs/article.jhtml?articleId=166403151 So, until the

Re: Cisco IOS Exploit Cover Up

2005-07-27 Thread Gordon Cook
and talk about closing the barn door after the horse has escaped!?? Haven't they just turned those 15 pages scanned as a pdf and distributed over a p2p file sharing system like bit torrent into likely one of the most sought after documents on the planet? How long before they show

Re: Cisco IOS Exploit Cover Up

2005-07-27 Thread Jeff Kell
Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html Jeff

Re: Cisco IOS Exploit Cover Up

2005-07-27 Thread Daniel Golding
Since the talk was actually delivered - does anyone have a transcript or a torrent for audio/video? - Dan On 7/27/05 8:10 PM, Jeff Kell [EMAIL PROTECTED] wrote: Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html Jeff

Re: Cisco IOS Exploit Cover Up

2005-07-27 Thread Network Fortius
I have been searching the net since this morning, for “The Holy Grail: Cisco IOS Shellcode Remote Execution”, or variations of such. This seems to be - at the moment - the most sought after torrent ... Stef Network Fortius, LLC On Jul 27, 2005, at 8:13 PM, Daniel Golding wrote: Since

RE: Cisco IOS Exploit Cover Up

2005-07-27 Thread Hannigan, Martin
..and of course: Cisco Denies Router Vulnerability Claims [snip] Of course. That's how a broken vuln system works. :-) The major flaw is that the vendor decides who gets to know about a vulnerability. This causes an insecurity in the system because $vendor is dealing with people