Firewall Wizards mailing list archives

RE: Worms, Air Gaps and Responsibility


From: "Kelly, Chris W." <ckelly () hsutx edu>
Date: Fri, 14 May 2004 08:57:14 -0500

Yea - I worry about that some.  We use a wireless internet feed from the
local cable company for net access.  We had some trouble with the
service being there one minute and gone the next.  It's very reassuring
when you call them, then the "tech" calls back and you get a
conversation like:
"What's wrong?"
"Service is down again."
"Hang on...um, run IPCONFIG for me."
"OK...We don't have our normal 12.xxx address - just the Windows
default."
"What is it?"
"169.254..."
"You have a virus."
"Do what?  Why do you say that?"
"That IP address has been in some computers I've seen that have a
virus."

So then I get to school the guy on a little Windows IP and finally he
agrees what the real deal is - the node is dead.  They also had an
"expert" come from Dallas last week and when the "expert" got done,
their DNS servers were off line about half the time.  "Expert"
apparently made a second trip to correct that problem.  But I got to
explain a little DNS to the tech and convince him that it was a failure
in their system, not a problem on my end.  If they have that good an
understanding of the system, it makes you really wonder what - if any -
security is in place.  At least it's a proprietary system and not
something any old 802.11 client can lock on to.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com 
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
Of Nathan C. Smith
Sent: Thursday, May 13, 2004 8:34 AM
To: 'firewall-wizards () honor icsalabs com'
Subject: RE: [fw-wiz] Worms, Air Gaps and Responsibility


Won't it be interesting when people start looking for ways to 
exploit consumer appliances like Wireless Access Points, SOHO 
Routers, Tivos, x-boxes, and other "set-top" boxes that are 
unhardened in the consumer realm.  A "set-top box", once 
infected, might have no way to clear its infection short of 
returning it to the distributor if the programmer was clever 
enough.  There is a whole range of devices, with more coming 
on-line every day that are well-connected and exposed.

These boxes with common OS-variants - Linux, Windows and RTOS 
that will be relatively inexpensive, so there will be access 
to the equipment, and common vulnerabilities will be 
available and may go unpatched.

-Nate