nanog mailing list archives
RE: Cisco vulnerability and dangerous filtering techniques
From: "McBurnett, Jim" <jmcburnett () msmgmt com>
Date: Tue, 22 Jul 2003 10:08:42 -0400
EXACTLY!!

Company A fired the wrong person. DDoS internally.
Company B has a business partner that has VPN access, that gets infected.
Company C has a home user that uses VPN on a cable modem. He gets infected....

Virus writers will see this and use it...
What better DDoS method is there than to take down the network equipment....

I see this as a make or break....
If someone does not upgrade, well, think of this as a roller coaster.
Remember the sign? This ride is not advised for people with bad backs, pregnant ladies......

This will be a long year of patches and learning experiences...

J

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Tuesday, July 22, 2003 9:55 AM
To: Niels Bakker
Cc: nanog () merit edu
Subject: Re: Cisco vulnerability and dangerous filtering techniques

On Tue, 22 Jul 2003 15:40:02 +0200, Niels Bakker <niels=nanog () bakker net> said:
> * adamm () sihope com (Adam Maloney) [Tue 22 Jul 2003, 15:33 CEST]:
> > The next worm taking advantage of the latest Windows' vulnerabilities
> > is more or less inevitable. Someone somewhere has to be writing it.
> > So why not include the cisco exploit in the worm payload?
>
> Why would a worm disable a vital component on its path to new infections?

It's not part of the spread-the-worm code, it's part of the DDoS engine that it leaves behind. If you get lucky, one of your 20K zombies is the other side of a router along with whoever you're pissed at and want to DDoS, so you send the command, and the zombie sprays 76 packets, goes to sleep for 30 mins, sprays another 76.. lather rinse repeat.

I'm going to go out on a limb and say that at least 30% of Ciscos are installed in places that would, if hit with this, have NO CLUE why their router needs to be power cycled every 30 mins.....