This is getting somewhat off-topic, but is still a general security issue
firewall people all deal with ...
----- Original Message -----
> Or perhaps disassembling a downloaded version of IOS. You don't
> necessarily need to have the hardware, although it would make testing
> easier. (Having the source to IOS would be even better. How many
> people has Cisco laid off in the last six months?)
I don't know if major companies consider the security implications of such
things or not.
> bytes have to be in the machine language understood by this CPU. If
That's not very hard either; in most cases the CPU is much better documented
than the software that runs on it.
> they make references to absolute memory addresses, the author has to
> know what those addresses are for this particular model with this
> much memory and this IOS version. If he wants to reroute packets or
> something, he has to know how legitimate IOS code invokes those
> services....
Only if the underlying OS does integrity checks and if the attacker doesn't
want the unit to lock up during / after the attack. If they just wanted to do
a one-shot attack, it might not need as much pre-testing.
> Yes, but it's about an order of magnitude harder to do.
Thus, "entertaining" ... :)
> There can
> be buffer overflows which interfere with stable/normal operation;
> some of those meet the above conditions and allow arbitrary code to
> execute; and for some of *those*, someone has done (or is doing, as
> we speak) the really hard work to get that arbitrary code to actually
> compromise the operation of the box and not just disrupt it.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls