lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <42EA971D.7060404@brvenik.com>
Date: Fri Jul 29 21:52:57 2005
From: security at brvenik.com (Jason)
Subject: Cisco IOS Shellcode Presentation


> 
> Second, the exploit is limited to local network segment, except it seems to
> me a worm that spreads from router to router could spread via the local
> network since a local network segment is usually defined as the wire between
> two routers.. Infection would spread from one router to it's peers, to those
> peers, etc. (please correct me if I'm wrong)

The different local segments are rarely connected via like routers with 
like images. You might get several local segments but then you have the 
edges which are almost always a different model.

Today it is unlikely that the ipv6 issue could cause wide spread outage 
since it cannot traverse routers. There may very well be other issues 
discovered that can traverse routers but they are still unlikely to be 
successful as a self propagating worm in large scale.

It is likely very feasible to infect like systems and even potentially 
several different systems with a worm but the overhead and timings 
involved push that reality out a little bit on the threat time line. A 
nation might have done this work already but I am doubtful they would 
release it without good cause.

The risk goes up significantly when Cisco moves to a virtualized process 
space since become very likely.

Powered by blists - more mailing lists