SNMP issue documented at
http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml
--- anthony kim <[EMAIL PROTECTED]> wrote:
> Question:
> is the "guessable TCP sequence number process" a
> flaw in the randomization
> of the ISN?
>
> --- Robert Padjen <[EMAIL PROTECTED]> wrote:
> > Slightly OT.
> >
> > Cisco is announcing a number of security holes in
> > certain versions of the IOS, likely tomorrow. A
> number
> > of them are starting to get exposure in the
> security
> > press already, and ISPs have been briefed and
> should
> > have patches and other temporary fixes in place
> > already. Enterprise customers (some larger ones)
> were
> > briefed today and have already taken steps to
> thwart
> > attacks.
> >
> > The two biggest threats in my mind are:
> >
> > - A default SNMP RW string of ILMI.
> > - A guessable TCP sequence number process - this
> could
> > be used to hack BGP and other router processes.
> >
> > There are a number of others. Most of us will be
> same
> > because the attacks need access - for example, you
> > deny SNMP from the untrusted networks, right?
> Thus,
> > ILMI is just another guess at the password/string.
> BGP
> > should only accept packets from the neighbor, so
> > again, a non-issue hopefully.
> >
> > The biggest reason for posting this here is for
> those
> > studying security - the next few days should be
> very
> > interesting to watch.
> >
> > =====
> > Robert Padjen
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get email at your own domain with Yahoo! Mail.
> > http://personal.mail.yahoo.com/
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>
>
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
Robert Padjen
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
