Full Disclosure mailing list archives

Re: ASN.1 telephony critical infrastructure warning - VOIP


From: jan.muenther () nruns com
Date: Wed, 18 Feb 2004 18:36:47 +0100


Vladis,

> We don't see dedicated and targeted attacks at 4 million cablemodem users
> designed to drop off trojans, ddos zombies, and similar.

Sure. I wasn't claiming that worms don't get deployed, nor that they do
not pose a huge problem. My point was rather that the fact that something might
not be an addressable target for a worm doesn't automatically make it an
unattractive target altogether. Just because it can't be mass-exploited
doesn't mean people are not going to use it as an entry point.

We haven't seen worms for a whole bunch of Unix vulnerabilities that pretty
much appeared in all variants, free or not. Still, these are being actively
exploited on a daily basis. 

The fact that these things are not maxing out people's bandwidth or just
making the machine blatantly unusable sure makes them less noticed. However,
if you care about the specific security of data on your network, they're at
risk all the same. In this regard (beat me for this), worms like MSBlaster
sure did have a security-enhancing side effect, because people patched their
boxen that otherwise wouldn't have even thought about it - or noticed.

> Many of the worst "dedicated and targeted attacks" of late presuppose the
> presence of a zombie net - preventing the formation of such a net then makes
> the attack a lot harder to carry out.

I'm not talking about DDoS, and a zombie net isn't necessary to obfuscate
the origin of your actions. I mean the 'find target, strike, cover your ass'
sort of attack. VoIP installations sure are an attractive target for such
operations, don't you think?

> And for that matter, installation of a keystroke logger to sniff out credit card
> numbers *IS* a dedicated and targeted attack - on the credit card system.

I don't quite get your point here - did I claim anything else?

Cheers, J.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

