nanog mailing list archives
RE: "Cisco gate" - Payload Versus Vector
From: Jim Popovitch <jimpop () yahoo com>
Date: Tue, 02 Aug 2005 18:46:09 -0400
On Tue, 2005-08-02 at 15:29 -0700, Dan Hollis wrote:
> On Tue, 2 Aug 2005, Randy Bush wrote:
> > even without stifling the heap check via crashing_already (i.e. a 'fix' is developed for that weakness), is the 30-60 second window sufficient to do serious operational damage. i.e. what could an attacker do with a code injection with a mean life as short as 15-30 seconds?
>
> change the passwords and write to nvram, and come back later?
Some more that come to mind, as ssh/enable pw changes wouldn't go unnoticed for too long:

- change snmptrap dest
- change snmp r/w comstrs (most monitoring would only use r/o comstrs)
- change ACLs on snmp access to allow public IPs
- change the ip address of the host that is used for tftp boots

Lots of things can be done in a 1/10 of the 30-60 second window.

-Jim P.
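The settings listed above are exactly the ones an operator would want a config-drift check to watch, since a change to any of them can outlive the injected code that made it. The following is an added example, not part of the original thread or any poster's code: it takes a trusted baseline and a fresh running-config snapshot (both constructed here in IOS-like syntax, with placeholder hashes and documentation-range addresses) and reports additions and removals in the credential, SNMP community, SNMP trap destination, access-list and boot sections, flagging any newly appeared read-write community separately. The watched prefixes and category names are assumptions chosen for this example, not a standard.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed baseline config (not real device output). Hashes are placeholders.
BASELINE = """\
hostname edge-rtr1
enable secret 5 $1$placeholder$enablehash
username admin secret 5 $1$placeholder$userhash
snmp-server community monitorRO RO 10
snmp-server host 192.0.2.10 traps monitorRO
access-list 10 permit 192.0.2.0 0.0.0.255
boot system tftp c1234-image.bin 192.0.2.20
"""

# Constructed snapshot showing the kinds of drift discussed in the thread:
# a new RW community, a moved trap destination, a permissive SNMP ACL and a
# different tftp boot host. Credentials are unchanged on purpose.
SNAPSHOT = """\
hostname edge-rtr1
enable secret 5 $1$placeholder$enablehash
username admin secret 5 $1$placeholder$userhash
snmp-server community monitorRO RO 10
snmp-server community changedRW RW 11
snmp-server host 198.51.100.99 traps monitorRO
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 11 permit any
boot system tftp c1234-image.bin 198.51.100.99
"""

# Category -> line prefixes to watch (assumed list for this example).
WATCHED: Dict[str, Tuple[str, ...]] = {
    "credentials": ("enable secret", "enable password", "username "),
    "snmp-community": ("snmp-server community",),
    "snmp-trap-dest": ("snmp-server host",),
    "acl": ("access-list ", "ip access-list "),
    "boot": ("boot ",),
}

Finding = Tuple[str, str, str]  # (category, "added"/"removed", config line)


def classify(line: str) -> str:
    """Return the watched category for a config line, or '' if not watched."""
    for category, prefixes in WATCHED.items():
        if line.startswith(prefixes):
            return category
    return ""


def extract(config: str) -> Dict[str, Set[str]]:
    """Collect the watched lines of a config, grouped by category."""
    watched: Dict[str, Set[str]] = {category: set() for category in WATCHED}
    for raw in config.splitlines():
        line = raw.strip()
        category = classify(line)
        if category:
            watched[category].add(line)
    return watched


def diff_configs(baseline: str, snapshot: str) -> List[Finding]:
    """Report watched lines that appeared in or vanished from the snapshot."""
    base, snap = extract(baseline), extract(snapshot)
    findings: List[Finding] = []
    for category in WATCHED:
        for line in sorted(snap[category] - base[category]):
            findings.append((category, "added", line))
        for line in sorted(base[category] - snap[category]):
            findings.append((category, "removed", line))
    return findings


_COMMUNITY = re.compile(r"^snmp-server community (\S+) (RO|RW)\b", re.IGNORECASE)


def new_rw_communities(findings: List[Finding]) -> List[str]:
    """Names of read-write communities that were added (monitoring normally only needs RO)."""
    names: List[str] = []
    for category, change, line in findings:
        if category != "snmp-community" or change != "added":
            continue
        match = _COMMUNITY.match(line)
        if match and match.group(2).upper() == "RW":
            names.append(match.group(1))
    return names


if __name__ == "__main__":
    drift = diff_configs(BASELINE, SNAPSHOT)
    for category, change, line in drift:
        print(f"{category:15} {change:8} {line}")
    print("new RW communities:", new_rw_communities(drift))
```

Running it on the constructed inputs lists six changes (a new RW community, the moved trap destination, the new permit-any ACL and the changed boot host) and no credential drift, which matches the observation in the thread that password changes are the one item most likely to be noticed anyway. Feed it periodic `show running-config` captures against a stored baseline and alert on any non-empty result.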
Current thread:
- RE: "Cisco gate" - Payload Versus Vector Randy Bush (Aug 02)
- RE: "Cisco gate" - Payload Versus Vector Dan Hollis (Aug 02)
- RE: "Cisco gate" - Payload Versus Vector Jim Popovitch (Aug 02)
- Re: "Cisco gate" - Payload Versus Vector Petri Helenius (Aug 03)
- RE: "Cisco gate" - Payload Versus Vector Dan Hollis (Aug 02)