| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Jul 30 15:09:17 2005 From: geoincidents at nls.net (Geo.) Subject: Cisco IOS Shellcode Presentation > Anyhow, as for Cisco's DJ's spinning "it's only an IPv6 thing you can all > go home now...", isn't it humorous to see that IPv6 is supposed to be > "that much more secure". Obviously I wouldn't believe Cisco when they > state its IPv6 based only don't get me wrong, it's funny to see spin. A few points. 1) Lynn was put onto this from something he found on a Chinese hacking site. He hasn't actually said he invented this technique has he? 2) IPv6 is fairly common in Asia, isn't it? The "it's not an issue because nobody uses IPv6" is a US centric viewpoint. 3) Cisco slipstreamed the patch and did a stealth release. The actual advisory wasn't released until Lynn did his presentation. 4) If it's such a "who cares" type thing, why did Cisco try to snuff it out? Obviously Cisco's spin and actions don't match here. 5) given the above, is it possible that this bug and possibly this technique of getting root on routers was being used to spy on people? Remember back in the late 90's when some ISP in McLean VA "accidentally" rerouted half of Europe thru their network which just happens to be where the CIA headquarters are? http://news.com.com/Router+glitch+cuts+Net+access/2100-1033_3-279235.html This type of exploit would appear to me to be exactly the type of useful thing that intelligence services would love. Look at the facts, you could tunnel smtp and/or http traffic thru anywhere you wanted leaving icmp traffic passing the normal routes so that a traceroute shows nothing suspicious. Could you ask for more? Geo.
Powered by blists - more mailing lists