North American Network Operators Group


Re: Cisco vulnerability and dangerous filtering techniques

  • From: Stephen J. Wilcox
  • Date: Tue Jul 22 09:48:22 2003

Hi Adam,
I thought the same, and the solution is to apply the filters to all interfaces,
not just the borders.

One thing about the worm idea is that if it hits routers it should burn itself 
out fairly quickly as it cuts off its own access.

Another thing is it is necessary to send out probes prior to launching an attack,
which will reveal the source address. It is necessary to use non-spoofed
traceroutes (or another TTL-expire technique), as you must set the TTL on the
attack packets so that they arrive with TTL 0.

Steve

On Tue, 22 Jul 2003, Adam Maloney wrote:

> 
> I had a passing thought over the weekend regarding Thursday's Cisco
> vulnerability and the recent Microsoft holes.
> 
> The next worm taking advantage of the latest Windows' vulnerabilities is
> more or less inevitable.  Someone somewhere has to be writing it.  So why
> not include the Cisco exploit in the worm payload?
> 
> Based on past history, there will be plenty of vulnerable Windows hosts to
> infect with the worm.  I would also guess that there are lots of
> organizations and end-users that have Cisco devices that haven't patched
> their IOS.  Furthermore, I wonder how many people have applied filtering
> only at their border?  But packets from an infected host inside the
> network wouldn't be stopped by filtering applied only to the external
> side.
> 
> Basically, if you're filtering access to your interface IPs rather than
> upgrading IOS, remember that the internet isn't the only source of danger
> to your network.
> 
> Adam Maloney
> Systems Administrator
> Sihope Communications
> 
>
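
An added example, not part of either message: one way to audit the point made in this thread, that the workaround filter must be applied inbound on every interface and not only the border. The configuration text, interface names and ACL number 101 are constructed placeholders.

```python
import re

# Constructed sample IOS-style configuration (not from the thread). ACL 101 is
# a placeholder number for whatever workaround filter was deployed.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 description border uplink
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
!
interface FastEthernet0/1
 description internal LAN
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
 ip access-group 101 in
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 ip address 10.0.1.1 255.255.255.0
 ip access-group 101 out
"""

def parse_interfaces(config):
    """Map each interface name to the statements indented beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return blocks

def unfiltered_interfaces(config, acl):
    """Active, addressed interfaces lacking 'ip access-group <acl> in'."""
    missing = []
    for name, stmts in parse_interfaces(config).items():
        has_ip = any(re.match(r"ip address \S", s) for s in stmts)
        if (has_ip and "shutdown" not in stmts
                and f"ip access-group {acl} in" not in stmts):
            missing.append(name)
    return missing
```

On the sample, the internal LAN port and the port where the ACL is bound only outbound are both reported, while the shut-down, unaddressed port is ignored.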