nanog mailing list archives
RE: Cisco vulnerability and dangerous filtering techniques
From: "Austad, Jay" <JAustad () temgweb com>
Date: Tue, 22 Jul 2003 16:55:43 -0500
How many thousands of "polls" do you think a looking glass can handle simultaneously? I am all for the doomsday scenarios, but lets make them a little bit less sci-fi, shall we? How about "it would create valid looking OSPF packets with garbage in them?" or "create valid looking STP packets"
It was just a suggestion. I don't think it's plausible on a wide scale, but only a few queries would be needed to get an overview of the topology. Originally I was thinking traceroutes. It's not going to be exact, but it's going to glean enough information to cause more damage than without that info. If you were doing some sort of p2p, each host would simply need to perform many random traceroutes and correlate their data. The devices that appeared most often in that data would obviously be backbone routers, and the attack would start with those and work to the least frequent (with specific emphasis on the hops that were seen from the local trojan/worm/etc). Like I said, it's not going to be perfect, but it is better than blindly spewing out evil packets. Jay
Current thread:
- Re: Cisco vulnerability and dangerous filtering techniques, (continued)
- Re: Cisco vulnerability and dangerous filtering techniques Chris Lewis (Jul 22)
- RE: Cisco vulnerability and dangerous filtering techniques alex (Jul 22)
- RE: Cisco vulnerability and dangerous filtering techniques Austad, Jay (Jul 22)
- Re: Cisco vulnerability and dangerous filtering techniques Steve (Jul 22)
- Re: Cisco vulnerability and dangerous filtering techniques alex (Jul 22)
- Re: Cisco vulnerability and dangerous filtering techniques Valdis . Kletnieks (Jul 22)
- Re: Cisco vulnerability and dangerous filtering techniques Richard A Steenbergen (Jul 22)
- Re: Cisco vulnerability and dangerous filtering techniques Patrick W. Gilmore (Jul 23)
- Re: Cisco vulnerability and dangerous filtering techniques Steve (Jul 22)
- Re: Cisco vulnerability and dangerous filtering techniques Valdis . Kletnieks (Jul 22)
- RE: Cisco vulnerability and dangerous filtering techniques Patrick W. Gilmore (Jul 23)
- RE: Cisco vulnerability and dangerous filtering techniques alex (Jul 23)
- Re: Cisco vulnerability and dangerous filtering techniques Scott McGrath (Jul 23)
- Re: Cisco vulnerability and dangerous filtering techniques Patrick W. Gilmore (Jul 23)
- RE: Cisco vulnerability and dangerous filtering techniques Pete Kruckenberg (Jul 23)
- RE: Cisco vulnerability and dangerous filtering techniques Simon Lyall (Jul 23)
- Re: Cisco vulnerability and dangerous filtering techniques bmanning (Jul 24)