lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Feb 2004 19:09:42 +0300
To: Gadi Evron <>
   Zak Dechovich <>
Subject: Re: ASN.1 telephony critical infrastructure warning - VOIP

Dear Gadi Evron,

ASN.1  is  used  by  many  services,  but  all  use different underlying
protocols.  It's  not  likely  NetMeeting or MS ISA server to be primary
attack  targets.  Attack  against  MS  IPSec  implementation,  Exchange,
SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
infrastructure  (except  connectivity  degradation  because  of  massive
traffic). And these applications are more likely to be attack target.

--Tuesday, February 17, 2004, 6:37:53 PM, you wrote to

GE> I apologize, but I am using these mailing lists to try and contact the
GE> different */CERT teams for different countries.

GE> As we all know, ASN.1 is a new very easy to exploit vulnerability. It
GE> attacks both the server and the end user (IIS and IE).

GE> We expect a new massive worm to come out exploiting this vulnerability
GE> in the next few days.

GE> Why should this all interest you beyond it being the next blaster?

GE> ASN is what VOIP is based on, and thus the critical infrastructure for
GE> telephony which is based on VOIP.

GE> This may be a false alarm, but you know how worms find their way into
GE> every network, private or public. It could (maybe) potentially bring the
GE> system down.

GE> I am raising the red flag, better safe than sorry.

GE> The two email messages below are from Zak Dechovich and myself on this
GE> subject, to TH-Research (The Trojan Horses Research Mailing List). The
GE> original red flag as you can see below, was raised by Zak. Skip to his
GE> message if you like.

GE>      Gadi Evron.

GE> Subject: [TH-research] */CERT people: Critical Infrastructure and ASN.1
GE> - VOIP [WAS: Re:
GE>   [TH-research] OT: naming the fast approaching ASN.1 worm]

GE> Mail from Gadi Evron <>

GE> All the */CERT people on the list:
GE> If you haven't read the post below, please do.

GE> Anyone checked into the critical infrastructure survivability of an ASN
GE> worm hitting? phone systems could possibly go down. We all know how
GE> worms find their way into any network, private or otherwise. and VOIP
GE> systems (which phone systems are based on nowadays) could go down.

GE> Heads-up! Finds them contingency plans..  :o)

GE> Any information would be appreciated, or if you need more information
GE> from us: +972-50-428610.

GE>      Gadi Evron.

GE> Zak Dechovich wrote:

 >> Mail from Zak Dechovich <ZakGroups@...UREOL.COM>
 >> May I suggest the following:
 >> ASN1 is mainly used for the telephony infrastructure (VoIP),
 >> any code that attacks this infrastructure can be assigned with 'VoIP'
 >> prefix, followed by the attacked vendor (cisco, telrad, microsoft, etc.).
 >> for example, if (when) Microsoft's h323 stack will be attacked, the name
 >> should be VoIP.ms323.<variant>, or if Cisco's gatekeepers will crash,
GE> lets
 >> call it VoIP.csgk.<variant>
 >> Your thoughts ?
 >> Zak Dechovich,
 >> Zak Dechovich,
 >> Managing Director
 >> SecureOL Ltd.
 >> Mobile: +972 (53) 828 656
 >> Office: +972 (2) 675 1291
 >> Fax:    +972 (2) 675 1195

GE> -
GE> TH-Research, the Trojan Horses Research mailing list.
GE> List home page:

GE> _______________________________________________
GE> Full-Disclosure - We believe in it.
GE> Charter:

Сэр Исаак Ньютон открыл, что яблоки падают на землю. (Твен)

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists