On Fri, 29 Jul 2005 08:29:35 -1000, Jason Coombs said: > Precisely. And Lynn pointed out that Cisco routers use general purpose > CPUs -- therefore Cisco's own engineers chose purposefully to build a > vulnerable device.
All von Neumann architecture processors are equally vulnerable in theory. About all you can do is fix the boot loader and early kernel code to emulate a Harvard architecture (basically, 2 separate memory spaces, one for instructions and one for code, and never the twain shall meet). At that point, things are a little better. However, both von Neumann and Harvard systems are Turing-complete, and therefor have innate theoretical limits (see the Turing Halting Problem for details, and Fred Cohen showed over 20 years ago that the detection of malware is a Turing-equivalent problem. Your only perfect defense here is implementing all of it in a custom ASIC, which in itself is insane - if a logic or timing bug is found, you're looking at having to do a hardware replacement rather than just downloading a new software load. You can cut some of the pain with an FPGA, but that's still a whole different league than a software solution. You think debugging a BGP wedgie(*) is tough now, remember that even IOS is able to do a small amount of introspection and tell you what's going on. That's almost impossible with an ASIC or FPGA based solution... (*) Yes, it's really called that. Google for 'BGP Wedgie' if you don't believe me. :)
pgpgbkITL5lZO.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
