Snort mailing list archives

RE: Cisco Device Exploit Perl Script


From: Mark.Schutzmann () Omron com
Date: Wed, 31 Mar 2004 16:06:44 -0600


Jason,

I tend to believe that if this script were harmless, Cisco would not have
put out such a broad advisory on their equipment, and taken this so
seriously. As a matter of security, I disable all http and telnet services
on my Cisco equipment, and use the ssh (which also had vulnerabilities) or
the console when possible.

Regards,
Mark


"Jason Truong" <Jason.Truong@plumtree.com>
03/31/2004 02:53 PM

To:       "Perrymon, Josh L." <PerrymonJ () bek com>, "Ben Nelson " <lists () venom600 org>, <Mark.Schutzmann () Omron com>
cc:       <snort-users () lists sourceforge net>
Subject:  RE: [Snort-users] Cisco Device Exploit Perl Script




Hey guys,

Running this script would be nice in a development environment but will it
actually take down my switches/routers in production?

Thanks,

Jason T.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Perrymon,
Josh L.
Sent: Tuesday, March 30, 2004 9:27 PM
To: 'Ben Nelson '; 'Mark.Schutzmann () Omron com '
Cc: 'snort-users () lists sourceforge net '
Subject: RE: [Snort-users] Cisco Device Exploit Perl Script


I have packet dumps; if anyone needs them I can post them on my site to grab.
This seems to be a wake-up call for Cisco shops comparable to Blaster for
M$.

Funny how many switches are on a LAN :)


JP

-----Original Message-----
From: Ben Nelson
To: Mark.Schutzmann () Omron com
Cc: snort-users () lists sourceforge net
Sent: 3/30/2004 4:54 PM
Subject: Re: [Snort-users] Cisco Device Exploit Perl Script

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From the first article, they mentioned that K-Otik had published the
script on their web site.  So a quick Google search turned up the
following:

http://www.k-otik.com/exploits/03.28.cge.pl.php

- --Ben

Mark.Schutzmann () Omron com wrote:
| Has anyone seen the actual Perl scripts, written by the BlackAngel's
| hacking group recently, which exploits Cisco devices? Has anyone developed
| any Snort sigs for these exploits yet?
|
| http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci957319,00.html
| http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
|
| Best Regards,
| Mark
|
|
|
|
| -------------------------------------------------------
| This SF.Net email is sponsored by: IBM Linux Tutorials
| Free Linux tutorial presented by Daniel Robbins, President and CEO of
| GenToo technologies. Learn everything from fundamentals to system
| administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
| _______________________________________________
| Snort-users mailing list
| Snort-users () lists sourceforge net
| Go to this URL to change user options or unsubscribe:
| https://lists.sourceforge.net/lists/listinfo/snort-users
| Snort-users list archive:
| http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAafqJ3cL8qXKvzcwRAieGAJ9v1n/1WlCvmB5RE253JNwAR9AlOgCdHceU
yk/LEcQFFFT9JPdyVZl8V4k==FZts
-----END PGP SIGNATURE-----

