Re: Cisco IOS Shellcode Presentation

[Jason <security () brvenik com>]

> Second, the exploit is limited to local network segment, except it seems to
> me a worm that spreads from router to router could spread via the local
> network since a local network segment is usually defined as the wire between
> two routers.. Infection would spread from one router to it's peers, to those
> peers, etc. (please correct me if I'm wrong)

The different local segments are rarely connected via like routers with 
like images. You might get several local segments but then you have the 
edges which are almost always a different model.

Today it is unlikely that the ipv6 issue could cause wide spread outage 
since it cannot traverse routers. There may very well be other issues 
discovered that can traverse routers but they are still unlikely to be 
successful as a self propagating worm in large scale.

It is likely very feasible to infect like systems and even potentially 
several different systems with a worm but the overhead and timings 
involved push that reality out a little bit on the threat time line. A 
nation might have done this work already but I am doubtful they would 
release it without good cause.

The risk goes up significantly when Cisco moves to a virtualized process 
space since become very likely.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/