From: Bogdan Sass (bogdan.sass@catc.ro)
Date: Mon Jan 26 2009 - 06:09:04 ARST
Darby Weaver wrote:
> I read the article... FUD.
>
> While I totally agree to patch and keep devices up to date. They have to
> date succeeded in exploiting a 1700 and a 2600 series router with outdated
> IOS code.
>
> They admit to something like 1 in 100,000 chance of even getting close
> enough to attempt an exploit... really...
>
Unfortunately, the pdf is not quite clear on this - from what I
understand, they are saying that _current_ exploits have about a
1/100,000 chance. What they are trying to point out is that it is (at
least theoretically) possible to increase that chance using their
methodology.
How much is that increase? Not sure (and I don't think they have an
accurate aproximation either).
> Everyone knows any OS can be exploited by using a buffer overflow to pop the
> stack. It's practically a given.
From what little I can remember from my programming classes, this is
not "a given". All input should be checked to make sure that it doesn't
overflow the existing buffer.
While i agree that it is very difficult to do this for each and
every single buffer in an operating system (and this is why buffer
overflow vulnerabilities are still being found in most OSs), "it happens
to everyone" doesn't equal "it is a given" :)
> It's easier to insert a rogue router into a network and advertise incorrect
> routing information than it is to pop the stack and gain root on the Cisco
> IOS...
>
There are always easier attacks - and most of the time, those
attacks involve the human factor (it's always easier to get the password
from a post-it note than to brute-force it :P ). But this is not the
point here :)
-- Bogdan Sass CCAI,CCSP,JNCIA-ER,CCIE #22221 (RS) Information Systems Security Professional "Curiosity was framed - ignorance killed the cat"Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST