Oh, you guys are no fun at all.

The key to a conspiracy theory is that the facts have
to at least marginally support the theory and not
prove it. Just enough evidence to make one paranoid
but not make you want to hide in your fallout
shelter.

This is perfect for a conspiracy: a very large company
finds a problem, exploits the security nervousness of
the market to get everyone to upgrade to the most
recent version, and saves a big wad of cash by doing
so. This has more realism than the grassy knoll
theory.

The support money that Cisco makes is just the point
that makes the theory work. If I can collapse down to
fewer versions of IOS, meaning one version for each
feature set, thus upgrading all the systems to the
latest, you will take fewer support calls because you
will deal less often with users with older versions.
If there are fewer older versions out there then you
don't have to deal with people calling about problems
that you fixed in newer software and thus lower your
overall calls. Fewer calls means fewer resources and
thus lower costs. I wasn't suggesting that they would
all collapse into a single IOS version. Thus the
argument isn't "silly."

The convenience of the flaw isn't that they added it
but that it just came up at a time when it was
convenient to use. The multiple versions of IOS in
active use could be quickly brought to a smaller
number by a dangerous flaw. And conveniently the flaw
was dangerous enough that admins would do the upgrade
ASAP and reset their machines. They did the work, and
you didn't have to take a lot of responsibility or
have to fight with them to get them to upgrade.

As for the flaw itself being rare, well, that's
exactly the type of thing hackers look for. They want
something to break stuff, and the common high-use
protocols obviously don't have the problem. The
variations of the TTL, special crafting, and the use
of 76 packets to do it would make this a hacker's
pot of gold. And it obviously was, since it took only 2
days for someone to make an exploit. The typical time
estimate from announcement to exploit has been 30 days.
I think Cisco got lucky that no one was very inventive
with testing their routers. The only problem I have is
how many other types of routers may have similar
issues. (That makes me a bit nervous at times.)

In the end you're correct that Cisco did the right
thing and that there is no conspiracy (no matter how
fun it is to poke fun at it). I have found little
press that makes this out to be a big deal, which it
was, at least from the amount of work I had to do, and I
can guess there were others that had much more than I.

Jac


--- James Fields <[EMAIL PROTECTED]> wrote:
> This sounds false on its face.  Cisco actually makes a great deal of
> money from providing support (trust me, I know what my company pays for
> a blanket contract and it's enough to put several Cisco-kids through
> college every year).
> 
> There's a pretty good reason why this flaw wasn't found sooner - the
> parameters required to exploit the flaw are a combination of things that
> are extremely unlikely to occur naturally.  Three of the four protocols
> are not something you'd intentionally target at a router.  The fourth
> (PIM) is something you would target at a router if you needed it, but my
> understanding is with PIM support in the IOS and enabled, the router
> isn't affected.  Further, for all four protocols the TTL on the packet
> has to be exactly at the point of expiring to get "wedged" in the input
> queue.  It is very rare for any packet's TTL to expire exactly at the
> place where it is intended to land except during traceroutes - the only
> other time it is common for a TTL to expire is where there is a routing
> loop somewhere in a network.
> 
> What is quite possible is that once in a VERY long while a router might
> be affected by something in these protocols, but since it takes a lot of
> these special packets to fill the input queue in many cases people may
> not know they were being affected at all, or may have opened TAC cases
> wondering why their input queues seemed to be stuck at something higher
> than 0.  I would bet a (small) sum that up until the flaw was announced
> and hackers got busy creating exploits, there were no documented cases
> of a router's interface getting hosed this way that were attributable to
> this kind of traffic.
> 
> How exactly would Cisco "conveniently" find this flaw?  Are you
> suggesting that they somehow introduced it?  How could they do that when
> it is apparently in every IOS since 1994?  That certainly seems to be
> the suggestion given your assertion that it is odd that it wasn't
> discovered sooner.
> 
> I do not think we are praising them for having such a nasty bug.  I
> think the reason Cisco is looking OK is that Cisco's behavior in
> revealing it themselves is seen in contrast to so many companies who A)
> don't find their own flaws and B) ignore them or deny them when
> notified.  If you wanted them to be like everyone else, they could
> simply have kept this one to themselves and hoped no one would find it
> for a couple more years, counting on most everyone upgrading past the
> vulnerability.  Based on how long it went undetected, they could have
> tried that.
> 
> On Wed, 2003-07-30 at 07:33, Jac wrote:
> > As to support, I heard an interesting conspiracy
> > theory related to Cisco support and the IOS flaw:
> > 
> > The theory is that Cisco had far too many IOS versions
> > that they support in the field and in order to reduce
> > support costs they "conveniently" found this flaw with
> > the IOS software and used it to propel an upgrade of
> > all IOS systems. Thus reducing the overall costs of
> > support and saving Cisco a large amount of $$$$$.
> > 
> > I have found it strange that such an easy and
> > dangerous flaw has not given Cisco a black eye on
> > this. Micro$oft constantly is getting beaten for less
> > dangerous flaws in their OS and other software, but
> > Cisco actually has gotten praise for having found and
> > published the flaw's details [as limited as those
> > details were].
> > 
> > What do you think?
> > 
> > Jac
> > 
> > 
> > "I'm not paranoid, everyone is out to get me."
> 
> -- 
> James V. Fields
> 
> 


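The trigger James describes above (one of four IP protocols, a TTL that is about to expire, and enough such packets to fill an interface's input queue) can be turned into a simple capture-side check. The Python below is an example added here; it is not code from the thread, from Cisco, or from any tool the thread mentions. It constructs a few sample IPv4 packets (constructed data, not a real capture), parses the header fields that matter, flags packets that match the condition, and alerts when a destination has received more matching packets than the input hold queue can absorb. Assumptions: the page names only PIM (IP protocol 103); the other three protocol numbers (53, 55, 77) are the ones Cisco's 2003 advisory listed as I recall them; the hold-queue depth of 75 is the IOS default (the page's "76 packets" is one more than that); and "TTL at the point of expiring" is taken as TTL 0 or 1. Verify all three against the advisory before relying on this.

```python
import struct
from collections import defaultdict

# IPv4 protocol numbers that wedge the input queue. The thread names only
# PIM (103); 53, 55 and 77 are an assumption from my recollection of the
# Cisco advisory and must be checked against it.
WEDGE_PROTOCOLS = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND", 103: "PIM"}

# Assumed default depth of an IOS interface input hold queue; the thread's
# "76 packets" is one more than this.
INPUT_HOLD_QUEUE = 75


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement sum over the header, 16 bits at a time.
    Over a header whose checksum field is already correct it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet (20-byte header, no options, no fragmentation).
    Used here only to construct sample traffic; a sensor would read a capture."""
    def ip_bytes(addr: str) -> bytes:
        return bytes(int(octet) for octet in addr.split("."))
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0,
                      ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return the fields we care about, or None if the bytes are not a
    well-formed IPv4 header (wrong version, short header, bad checksum)."""
    if len(pkt) < 20:
        return None
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        return None
    if ipv4_checksum(pkt[:ihl]) != 0:
        return None
    return {
        "ttl": pkt[8],
        "proto": pkt[9],
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
    }


def is_wedge_candidate(hdr) -> bool:
    """A packet matches when its protocol is in the set AND its TTL is 0 or 1,
    i.e. it would expire on the receiving router (the condition the thread
    describes as 'exactly at the point of expiring')."""
    return hdr is not None and hdr["proto"] in WEDGE_PROTOCOLS and hdr["ttl"] <= 1


def analyze(packets):
    """Count wedge candidates per destination and flag every destination that
    has seen more of them than its hold queue can hold. Returns (counts, alerts)."""
    counts = defaultdict(int)
    for pkt in packets:
        hdr = parse_ipv4(pkt)
        if is_wedge_candidate(hdr):
            counts[hdr["dst"]] += 1
    alerts = {dst for dst, n in counts.items() if n > INPUT_HOLD_QUEUE}
    return dict(counts), alerts


def sample_traffic():
    """Constructed packets (not a real capture): 76 PIM packets with TTL 1 at one
    router, plus ordinary traffic that must NOT be flagged."""
    pkts = [build_ipv4("198.51.100.7", "192.0.2.1", 103, 1) for _ in range(76)]
    pkts.append(build_ipv4("198.51.100.7", "192.0.2.1", 6, 64, b"\x00" * 20))   # TCP, normal TTL
    pkts.append(build_ipv4("198.51.100.9", "192.0.2.1", 103, 64))               # PIM with normal TTL
    pkts.append(build_ipv4("198.51.100.9", "192.0.2.1", 17, 1, b"\x00" * 8))    # traceroute-style UDP
    pkts.append(build_ipv4("198.51.100.9", "192.0.2.2", 77, 0))                 # one packet, under threshold
    return pkts


if __name__ == "__main__":
    counts, alerts = analyze(sample_traffic())
    for dst, n in sorted(counts.items()):
        flag = "ALERT" if dst in alerts else "ok"
        print(f"{dst}: {n} wedge candidates [{flag}]")
```

The per-destination count is the useful signal here rather than a per-source one: the packets that matter are the ones that pile up in a single interface's queue, and nothing stops an attacker from spoofing the source. Run against real traffic, the same logic would be fed from a capture library rather than the constructed packets above, and the threshold would be whatever the hold queue on the interface in question is actually set to.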