Re: Cisco IOS Vulnerability

2003-07-18 Thread Petri Helenius
> > cisco posted what the four 'bad' protocol types were in rev 1.3 of the > online doc - now it is just an academic exercise to get them crafted > correctly... no imagination necessary, only a router, a cco > login, and a traffic generator needed > With rev 1.0 it took me two hours. IP

Re: Cisco IOS Vulnerability

2003-07-18 Thread joshua sahala
On Friday 18 July 2003 03:04, Daniel Karrenberg wrote: [cut] > > The luck will not stretch to no one having the source code to a > version of IOS with the problem or the imagination necessary to > find it without source. > > Daniel cisco posted what the four 'bad' protocol types were in rev 1.3 of

Re: Cisco IOS Vulnerability

2003-07-18 Thread Daniel Karrenberg
On 17.07 15:59, Andy Dills wrote: > Sendmail is open source, IOS is not. > > Knowing where the problem is and knowing how to exploit it are two > entirely different situations. You are naive: Security through obscurity has never worked. You need secrecy if you go down this road; and that is hard

Re: Cisco IOS Vulnerability

2003-07-17 Thread Michael Painter
Foundstone Security Briefings: Cisco IPv4 Remote Denial of Service Vulnerability Date: Today, Thursday, July 17, 2003 Time: 5:30 PM Eastern, 2:30 PM Pacific Date: Tomorrow, Friday, July 18, 2003 Time: 11:00 AM Eastern, 8:00 AM Pacific You're invited to a Special Web Seminar today covering this cr

Re: Cisco IOS Vulnerability

2003-07-17 Thread micah mcnelly
OTECTED]> Cc: "Jack Bates" <[EMAIL PROTECTED]>; "Sean Donelan" <[EMAIL PROTECTED]>; "Mikael Abrahamsson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, July 17, 2003 1:11 PM Subject: Re: Cisco IOS Vulnerability > > > On Thur

Re: Cisco IOS Vulnerability

2003-07-17 Thread Joe Abley
On Thursday, Jul 17, 2003, at 15:59 Canada/Eastern, Andy Dills wrote: On Thu, 17 Jul 2003, Jack Bates wrote: Sendmail root exploit took less than 24 hours to craft. I suspect that this exploit will be found within 48 hours. Enough information was provided to quickly guess where the problem lies

Re: Cisco IOS Vulnerability

2003-07-17 Thread Andy Dills
On Thu, 17 Jul 2003, Jack Bates wrote: > > Sean Donelan wrote: > > Cisco stated if they receive any reports of the exploit in the wild, > > they will re-issue the advisory with the updated information. > > > > Sendmail root exploit took less than 24 hours to craft. I suspect that > this exploit w

Re: Cisco IOS Vulnerability

2003-07-17 Thread Jack Bates
Sean Donelan wrote: Cisco stated if they receive any reports of the exploit in the wild, they will re-issue the advisory with the updated information. Sendmail root exploit took less than 24 hours to craft. I suspect that this exploit will be found within 48 hours. Enough information was provided

Re: Cisco IOS Vulnerability

2003-07-17 Thread Jack Bates
[EMAIL PROTECTED] wrote: In other words - yeah, it's probably important to get this update deployed. But unless somebody has hard evidence to the contrary, I'm betting on it just being an attempt to not let things leak out till they're ready to ship across the board. That's a LOT of trains and rebu

Re: Cisco IOS Vulnerability now in the news

2003-07-17 Thread JC Dill
At 11:00 AM 7/17/2003, Henry Linneweh wrote: July 17, 2003 DoS Flaw in Cisco Router, Switches By Ryan Naraine http://www.atnewyork.com/news/article.php/2236591 Cisco Admits Flaw in Networking Software By MATTHEW FORDAHL, AP Technology Writer

Re: Cisco IOS Vulnerability now in the news

2003-07-17 Thread Henry Linneweh
July 17, 2003 DoS Flaw in Cisco Router, Switches By Ryan Naraine http://www.atnewyork.com/news/article.php/2236591

Re: Cisco IOS Vulnerability

2003-07-17 Thread George William Herbert
>This was rumored to be a backhoe fade but the advisory refers only to >IP services and there was nothing in the popular press about any major >phone outage, so I have my suspicions. Usually if there's a fiber cut >they say so. About this time is when all of the major backbones began >flooding

Re: Cisco IOS Vulnerability

2003-07-17 Thread Petri Helenius
> > It should be: > > http://www.cisco.com/tacpage/sw-center/sw-ios.shtml > > The Advisory is being updated. It might even be out there. > Do you know if they are going to update the advisory with more detail? At least I'm able to generate packets which get stuck in the input queue on the vulnera

RE: Cisco IOS Vulnerability

2003-07-17 Thread Jay Hennigan
On Thu, 17 Jul 2003, Mikael Abrahamsson wrote: > IS anyone seeing this exploited in the wild? It'd be good to know if we > need to do panic upgrade or can schedule it for our next maintenance > window (which is during the weekend). Well, there's this from Wednesday afternoon... - > Dear AT&T I

Re: Cisco IOS Vulnerability

2003-07-17 Thread Valdis . Kletnieks
On Thu, 17 Jul 2003 03:17:32 EDT, Brian Wallingford said: > :at http://www.cisco.com/tacpage/sw-center/sw-ios.html > > I'm getting a 404 "not found" for that URL, while logged into CCO. Hmm.. you mean Magic Rebuild Dust doesn't work on webpages? ;) But yeah, it's *that* sort of thing that you w

RE: Cisco IOS Vulnerability

2003-07-17 Thread Barry Raveendran Greene
> To: [EMAIL PROTECTED] > Cc: Darrell Kristof; [EMAIL PROTECTED] > Subject: Re: Cisco IOS Vulnerability > > > On Thu, 17 Jul 2003 [EMAIL PROTECTED] wrote: > > :should be obtained through the Software Center on the Cisco worldwide > website > :at http://www.cisco.

Re: Cisco IOS Vulnerability

2003-07-17 Thread Brian Wallingford
On Thu, 17 Jul 2003 [EMAIL PROTECTED] wrote: :should be obtained through the Software Center on the Cisco worldwide website :at http://www.cisco.com/tacpage/sw-center/sw-ios.html I'm getting a 404 "not found" for that URL, while logged into CCO.

Re: Cisco IOS Vulnerability

2003-07-17 Thread Valdis . Kletnieks
On Thu, 17 Jul 2003 01:05:46 CDT, Darrell Kristof <[EMAIL PROTECTED]> said: > If Cisco made THIS big a deal of this to not release info to the public, > I wouldn't wait. There must be a reason. I had to push and push to get > any info and I think they finally gave up because too many people knew.

Re: Cisco IOS Vulnerability (going OT)

2003-07-16 Thread Petri Helenius
> > 1) I didn't make this > 2) I can't remember where I got it from > 3) please don't abuse my connection too much tonight > There is another thing to play when reloading boxes, above disclaimers 1 and 2 apply. http://www.he.iki.fi/favorites.mpeg Pete

Re: Cisco IOS Vulnerability

2003-07-16 Thread Jeff Kell
The workaround for transit suggests permitting only tcp, udp, icmp, gre, esp, and ah protocols. Is this sufficient to protect the router itself, or do you have to get hard-nosed with specific ACLs (restricting access to all your possible interface addresses)? Jeff

RE: Cisco IOS Vulnerability

2003-07-16 Thread Darrell Kristof
PM CT TOMORROW! From what I understand they didn't want this to be public until tomorrow afternoon. - D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikael Abrahamsson Sent: Thursday, July 17, 2003 12:48 AM To: [EMAIL PROTECTED] Subject: RE:

Re: Cisco IOS Vulnerability

2003-07-16 Thread Ryan Tucker
On Thu, 17 Jul 2003 01:09:36 -0400, Jared Mauch <[EMAIL PROTECTED]> wrote: http://puck.nether.net/~jared/gigflapping.mp3 Mirrored at http://www.netacc.net/~rtucker/gigflapping.mp3 ... same disclaimers as Jared gives, but I have more bandwidth. :-) -rt (what do you mean I need a new chassis?)

RE: Cisco IOS Vulnerability

2003-07-16 Thread Sean Donelan
On Thu, 17 Jul 2003, Mikael Abrahamsson wrote: > On Wed, 16 Jul 2003, Darrell Kristof wrote: > > Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet > > http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml > > IS anyone seeing this exploited in the wild? It'd be goo

Re: Cisco IOS Vulnerability

2003-07-16 Thread Jared Mauch
On Thu, Jul 17, 2003 at 07:48:24AM +0200, Mikael Abrahamsson wrote: > > On Wed, 16 Jul 2003, Darrell Kristof wrote: > > > > > Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet > > http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml > > IS anyone seeing this e

RE: Cisco IOS Vulnerability

2003-07-16 Thread Mikael Abrahamsson
On Wed, 16 Jul 2003, Darrell Kristof wrote: > > Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet > http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml IS anyone seeing this exploited in the wild? It'd be good to know if we need to do panic upgrade or can sch

Flapping (was Re: Cisco IOS Vulnerability)

2003-07-16 Thread Sean Donelan
On Thu, 17 Jul 2003, Jason Lixfeld wrote: > This wouldn't be the "My gig port's down, and now it's up again..." > song would it? :) Folks may remember when ISPs were responding to the SNMP vulnerability many backbones were rebooting their routers during maintenance windows. At the time, some pe

RE: Cisco IOS Vulnerability

2003-07-16 Thread Todd Mitchell - lists
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of | Jared Mauch | Sent: Thursday, July 17, 2003 1:10 AM | To: Jason Lixfeld | Cc: joshua sahala; '[EMAIL PROTECTED]' | Subject: Re: Cisco IOS Vulnerability | | | On Thu, Jul 17, 2003 at

Re: Cisco IOS Vulnerability

2003-07-16 Thread Jason Lixfeld
So that was the one... On Thursday, July 17, 2003, at 1:09 AM, Jared Mauch wrote: On Thu, Jul 17, 2003 at 01:02:42AM -0400, Jason Lixfeld wrote: On Wednesday, July 16, 2003, at 11:34 PM, joshua sahala wrote: anyone have the 'scheduled maintenance" mp3 lying around? i have a feeling i am going

Re: Cisco IOS Vulnerability

2003-07-16 Thread Christopher L. Morrow
On Thu, 17 Jul 2003, Jared Mauch wrote: > > On Thu, Jul 17, 2003 at 01:02:42AM -0400, Jason Lixfeld wrote: > > > > > > On Wednesday, July 16, 2003, at 11:34 PM, joshua sahala wrote: > > > > >anyone have the 'scheduled maintenance" mp3 lying around? i have a > > >feeling i am going to need it >

Re: Cisco IOS Vulnerability

2003-07-16 Thread Jared Mauch
On Thu, Jul 17, 2003 at 01:02:42AM -0400, Jason Lixfeld wrote: > > > On Wednesday, July 16, 2003, at 11:34 PM, joshua sahala wrote: > > >anyone have the 'scheduled maintenance" mp3 lying around? i have a > >feeling i am going to need it > > This wouldn't be the "My gig port's down, and now it

Re: Cisco IOS Vulnerability

2003-07-16 Thread joshua sahala
On Wednesday 16 July 2003 23:18, Jared Mauch wrote: > On Wed, Jul 16, 2003 at 10:11:49PM -0500, Darrell Kristof wrote: > > Cisco has posted information regarding this issue and work > > arounds. 12.3 based code does not exhibit this problem. > > > > Cisco Security Advisory: Cisco IOS Interface Blo

Re: Cisco IOS Vulnerability

2003-07-16 Thread Jared Mauch
On Wed, Jul 16, 2003 at 10:11:49PM -0500, Darrell Kristof wrote: > > Cisco has posted information regarding this issue and work arounds. > 12.3 based code does not exhibit this problem. > > Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet > http://www.cisco.com/warp/public/7

RE: Cisco IOS Vulnerability

2003-07-16 Thread Darrell Kristof
Cisco has posted information regarding this issue and work arounds. 12.3 based code does not exhibit this problem. Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml - Darrell -Original Message- Fr