Bugtraq mailing list archives
Re: Cisco 675 Denial of Service Attack
From: CDI <cdi () THEWEBMASTERS NET>
Date: Fri, 1 Dec 2000 14:37:34 -0800
On Fri, 1 Dec 2000, Shane Youhouse wrote: [snips]
Did you ask CDI to help? Did he refuse?
Yes they did and no I didn't respectively. When they were unable to replicate the problem I sent them the step-by-step used to configure the 675 for PPP. I even told them that if they wanted to set up a 675 and provide me with the IP I'd be happy to crash it for them.
CDI should have gone public with this about 10 1/2 months ago.
I'll swallow that and say you're absolutely correct, but...
Yes, more script kiddies would have known about it, but I also would have been complaining to the ISPs who where forcing the Cisco product on us to either get a new product, or would have gone with a different ISP / Router.
I have on more than one occasion pounced all over slow-to-respond vendors and Yes, I definitely sat on this far too long. Guilty as charged. Mea Culpa. In this case however, there was substantive dialog with Cisco and each time over the months that I came close to disclosure, Cisco PSIRT would let me know that they were still working hard on a fix. With the number of vulnerable 67xs out there I felt that the uninformed and sometimes uninformable masses using 67xs were better protected by non-disclosure. As you noted, the DoS was in the wild, but you still couldn't search for it on Packetstorm or SecurityFocus and hence, flying under the radar of most script kiddies. CDI ____________________________________ The Web Master's Net http://www.thewebmasters.net/ Today's Excuse: Failure to adjust for daylight savings time.
Current thread:
- Re: Cisco 675 Denial of Service Attack Nate Haugo (Dec 01)
- <Possible follow-ups>
- Re: Cisco 675 Denial of Service Attack Nicholas Ianelli (Dec 01)
- Re: Cisco 675 Denial of Service Attack Lisa Napier (Dec 02)
- Re: Cisco 675 Denial of Service Attack poke (Dec 02)
- Re: Cisco 675 Denial of Service Attack Erik Parker (Dec 02)
- Re: Cisco 675 Denial of Service Attack Kee Hinckley (Dec 05)
- Re: Cisco 675 Denial of Service Attack CDI (Dec 02)
- Re: Cisco 675 Denial of Service Attack Erik Parker (Dec 02)
- Re: Cisco 675 Denial of Service Attack poke (Dec 02)
- Re: Cisco 675 Denial of Service Attack Shane Youhouse (Dec 02)
- Re: Cisco 675 Denial of Service Attack CDI (Dec 05)
- Re: Cisco 675 Denial of Service Attack J Edgar Hoover (Dec 05)
- Message not available
- Re: Cisco 675 Denial of Service Attack Damir Rajnovic (Dec 06)
- Re: Cisco 675 Denial of Service Attack J Edgar Hoover (Dec 07)
- Message not available
- Re: Cisco 675 Denial of Service Attack Damir Rajnovic (Dec 07)