The *best* exploit is the one alluded to in the presentation.
Overwrite the nvram/firmware to prevent booting (or, perhaps,
adjust the voltages to damaging levels and do a "smoke test").
If you could do it to all GSR linecards, think of the RMA
costs to Cisco (not to mention the fact that Cisco could not
possibly replace all the cards in all the GSRs across the
internet in an anywhere reasonable timeframe). *THAT* is
what I suspect worries Cisco. But of course I am just
conjecturing...
Gary
Buhrmaster, Gary wrote:
> The *best* exploit is the one alluded to in the presentation.
> Overwrite the nvram/firmware to prevent booting (or, perhaps,
> adjust the voltages to damaging levels and do a "smoke test").
> If you could do it to all GSR linecards, think of the RMA
> costs to Cisco (not to mention the fact that Cisco could not
> possibly replace all the cards in all the GSRs across the
> internet in an anywhere reasonable timeframe). *THAT* is
> what I suspect worries Cisco. But of course I am just
> conjecturing...
One of the more effective (software) ways is to mess up the cookies on the cards which tell IOS what kinds of cards they are and then reload the box.
Fortunately destructive worms don't usually get too wide distribution because they don't survive long.
Pete
Petri Helenius wrote:
> Fortunately destructive worms don't usually get too wide distribution because they don't survive long.
That assumes that the worm must "discover" exploitable hosts. What if those hosts have already been identified through other means previously? A nation, terrorist or criminal with the means could very well compile a relatively accurate database and use such a worm to attack specific targets, and those attacks need not be destructive/disruptive.
-- Stephen.
And why, pray tell, would they bother with any of this complex 'remote
exploit' crap when they can send a stream of 3mbps at any Cisco and crunch
it?
As someone said before, the 'big deal' in the talk was: "Hey, IOS is just
like every other OS, it has heap/stack overflows that you can smash and get
arbitrary code to run on."
Stephen Fulton wrote:
> That assumes that the worm must "discover" exploitable hosts. What if those hosts have already been identified through other means previously? A nation, terrorist or criminal with the means could very well compile a relatively accurate database and use such a worm to attack specific targets, and those attacks need not be destructive/disruptive.
Sure, most of the people on this list would make very smart and skilled criminals if they would choose to pursue that path.
Pete