lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon Sep 19 21:48:12 2005
From: ciscoioshehehe at yandex.ru (ciscoioshehehe)
Subject: Cisco IOS hacked?

Hi andrei and all!

Below I try to translate original post in LJ from russian to English (Source: http://www.securitylab.ru/news/extra/240414.php). All information was published on SecurityLab.ru in article http://www.securitylab.ru/news/240415.php is absolute  true.

Sorry for my poor English:

??????? ? ???????? ?????? ???????? ????????? ??????????? ???? ? ??????? ELF ???? ??? ????????? IOS?

algorithm of implementation alien code in big ELF file called Cisco IOS has been created and in details described.

????????? ??????????? ????? IOS, ??????? ? ???????? ?????????????????? ???????????/????????? ??? IOS ? ???????????? ?????????????? ??????????? ??????

Hacked IOS checksum, written and approved cross-platform  diswrapper/wrapper  for IOS with reconstruction IOS checksum.

????????????? ?????? ????? IOS ?? IOS. ?????? ???????? ?????? ??????????????????? IOS ?????. ? ???????? ??????????????, ????????? IRC ?????? ?? 2600-? ??????

Implement first attack IOS to IOS.   Algorithm of work IOS worm has been described. As derision,  started IRC server on 2600 CISCO router.

?EIGRP ???????? ? ??????. ???????????? ???????? ????????? ? ?????????? ??????? ??? ?????? ??5 ?????. ?????????????????? ??? ????? FX'a, ?? ????? ?????? ?????? ?????????????. ?? ?? ????????? ???????? ?????? ?????????? ?? ??? ?????? ??5 ?????. ??????? ????? ?????????? ??? ????? ?????? ?????????? EIGRP ??????????????, ? ?? ???? ???

EIGRP is carried in pieces. Inject routes in stand-alone system without knowledge of md5 key has been implemented. 

??????? ????? ??????????? ????????? ???? ? ??????? ??????????? ????????? ???? ? ??????? ??????? 802.1q ???????????? ?????? ???????????? ???????????? ????????? ? ????????? ???????

Jumps through virtual local networks and private virtual local networks using double 802.1q encapsulation  now provide the two-way message with an attacked host.

???? ????? ??? ?? ?????????? ????? ??????
Found DoS for connection over PiX

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ