Re: Cisco vulnerability and dangerous filtering techniques

[jgraun () comcast net]

That is a bit paranoid, but it could happen.  I have not seen anybody do 
anything that intelligent in the past couple of years.  Not to say that there 
arent people out there that couldn't do that but I think many have thought of 
using one exploit to expose another, DDoS is the closest I have seen on any of 
my honeypots.  I have learned many things about what most people will try to 
get into a box from the honeypots, but that is a good point.  Filtering or 
patching should take place on the edge and on the most critical spots on your 
network.

Good Luck
> I had a passing thought over the weekend regarding Thursday's cisco
> vulnerability and the recent Microsoft holes.
>
> The next worm taking advantage of the latest Windows' vulnerabilities is
> more or less inevitable.  Someone somewhere has to be writing it.  So why
> not include the cisco exploit in the worm payload?
>
> Based on past history, there will be plenty of vulnerable Windows hosts to
> infect with the worm.  I would also guess that there are lots of
> organizations and end-users that have cisco devices that haven't patched
> their IOS.  Furthermore, I wonder how many people have applied filtering
> only at their border?  But packets from an infected host inside the
> network wouldn't be stopped by filtering applied only to the external
> side.
>
> Basically, if you're filtering access to your interface IP's rather than
> upgrading IOS, remember that the internet isn't the only source of danger
> to your network.
>
> Adam Maloney
> Systems Administrator
> Sihope Communications