nanog mailing list archives

Infection vectors

From: Charles N Wyble <charles () knownelement com>
Date: Mon, 15 Aug 2011 10:55:17 -0500

On 08/15/2011 10:31 AM, Steven Bellovin wrote:

On Aug 15, 2011, at 10:12 21AM, Randy Bush wrote:

I've always wondered if the next cisco/juniper 0 day will be delivered
via a set of exploits delivered via a link posted to NANOG. :) Maybe
I'll do a talk at DEFCON next year about that.

more likely a 'shortened' url.  how anyone can click those is beyond me.

I'm curious what your objection is.

Mine is privacy -- the owner of the shortening site gets to see every place
you visit using one of those.

That's why I have my own url shortening service using yourls.(http://yourls.org/)

   I don't think there's a significant incremental
security risk, because the URL you click on doesn't tell you what you'll
receive in any event.

Exactly.

   Case in point: https://www.cs.columbia.edu/~smb/SMBlog-in-PDF.pdf
does *not* yield a PDF.  (As far as I know, it's a completely safe URL to
click on, but I can't guarantee that someone else didn't hack my site.  I, at
least, haven't put any nasties there.)

Or so you claim! :) And a PDF file is a particularly potent infectionvector. It would be interesting to put up a PDF (say OSPFvsISIS.pdf orWhyAnyoneWhoIsn'tNamedOwenHasRottenv6Ideas.pdf) with an exploit. Thisexploit could be a toe hold, which grabs other malware, opens reverseremote shell etc. If one is targeting very long term exploitation atmass scale, sitting in the network control plane for a long period oftime is a large factor. And if one entices operators to download malware, the first step of most attacks (elevating privileges) is often mucheasier (certainly faster, as operators doing something privileged is aregular occurrence).

Given the rate of hacking -- is anyone really safe from a
determined amateur attack,

Maybe.

  let alone state-sponsored nastiness? -- and
given the amount of third-party content served up by virtually all ad-containing
site, you really have no idea what you're going to receive when you click
on any link.


Yep. I see hacked ad content every single day.

Current thread:

Re: How long is your rack?, (continued)
- - - Re: How long is your rack? Joe Greco (Aug 14)
    - Re: How long is your rack? Charles N Wyble (Aug 14)
    - Re: How long is your rack? Randy Bush (Aug 15)
    - Re: How long is your rack? Leo Bicknell (Aug 15)
    - Re: How long is your rack? Steven Bellovin (Aug 15)
    - Re: How long is your rack? Randy Bush (Aug 15)
    - Re: How long is your rack? Dave CROCKER (Aug 15)
    - Re: How long is your rack? Matthew Palmer (Aug 15)
    - Re: How long is your rack? David Miller (Aug 15)
    - Re: How long is your rack? Greg Ihnen (Aug 15)
    - Infection vectors Charles N Wyble (Aug 15)
    - Re: How long is your rack? Valdis . Kletnieks (Aug 15)
    - Re: How long is your rack? Charles N Wyble (Aug 14)
    - IPv6 Real World Maturity (was re: How long is your rack?) Tim Wilde (Aug 14)
    - Re: IPv6 Real World Maturity (was re: How long is your rack?) Paul Graydon (Aug 14)
    - Re: IPv6 Real World Maturity (was re: How long is your rack?) Owen DeLong (Aug 14)
    - Re: IPv6 Real World Maturity (was re: How long is your rack?) Tim Wilde (Aug 15)
    - Re: IPv6 Real World Maturity (was re: How long is your rack?) Owen DeLong (Aug 15)
    - Re: IPv6 Real World Maturity (was re: How long is your rack?) Cameron Byrne (Aug 15)
    - Re: IPv6 Real World Maturity (was re: How long is your rack?) Charles N Wyble (Aug 14)
    - Re: IPv6 Real World Maturity (was re: How long is your rack?) Doug Barton (Aug 16)

(Thread continues...)