[Dshield] Cisco 0wn3d??

Rob PacketHunter at comcast.net
Fri Aug 5 09:16:10 GMT 2005


Mark,

The best way I've found to write signatures for Cisco exploits is to create
a login banner and watch for that banner to be returned.  As long as you use
the same unique character string in all Cisco products, it's relatively easy
to do.


--Rob 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Mark
Sent: Thursday, August 04, 2005 9:00 PM
To: list at lists.dshield.org
Subject: [Dshield] Cisco 0wn3d??

Sorry, but I've been a bit busy.

What is the general feeling regarding recent events? I received email from
Cisco advising me that my account has been reset. I understand that there
was an "issue" with their support server.

I did some googling and have seen a couple of whitepapers and videos of how
to compromise a Cisco (we're talking posted on Aug 2) router using some
older exploits. Given a lot of the buzz on NANOG, there seem to be many
potentially exploitable routers out there.

I'm trying to put together a risk analysis for several clients; based on
several of the potential older vulnerabilities. I'm also working to verify
some of the papers to understand the technical difficulty and hopefully
assemble some IDS signatures based on "known" techniques.

Has anyone done similar work or am I just paranoid?

Thx,

Mark

PS: I'm a Digest subscriber so I apologize if there is a current thread that
I haven't seen yet.
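
The banner-watch idea from Rob's reply, sketched as an added example (not part of either post and not DShield or Cisco code): a matcher that looks for one unique banner string in payloads leaving a device and still matches when the banner is split across TCP segments. The canary string, the addresses, the sample segments and the list of expected management hosts are all constructed assumptions.

```python
from collections import defaultdict

CANARY = b"XQ7-CANARY-BANNER-0000"  # constructed placeholder banner token
ADMIN_HOSTS = {"192.0.2.10"}        # assumed: stations expected to log in

class BannerWatch:
    """Match the canary in device-to-client payloads, per flow."""

    def __init__(self, canary=CANARY, admin_hosts=ADMIN_HOSTS):
        self.canary = canary
        self.admin_hosts = set(admin_hosts)
        self.tails = defaultdict(bytes)  # carry-over bytes for each flow
        self.seen = set()                # flows already matched once

    def feed(self, src, sport, dst, dport, payload):
        """Feed one segment sent by the device; return an alert or None."""
        flow = (src, sport, dst, dport)
        data = self.tails[flow] + payload
        # Keep the last len(canary)-1 bytes so a banner cut in two by
        # segmentation is still found when the next segment arrives.
        self.tails[flow] = data[-(len(self.canary) - 1):]
        if self.canary not in data or flow in self.seen:
            return None
        self.seen.add(flow)
        if dst in self.admin_hosts:
            return None  # banner shown to an expected management station
        return {"device": src, "port": sport, "client": dst}

# Constructed sample traffic: (src, sport, dst, dport, payload)
SEGMENTS = [
    ("10.0.0.1", 23, "192.0.2.10", 40000,
     b"\r\nXQ7-CANARY-BANNER-0000\r\nUsername: "),
    ("10.0.0.1", 23, "203.0.113.5", 51000, b"\r\n*** XQ7-CANA"),
    ("10.0.0.1", 23, "203.0.113.5", 51000, b"RY-BANNER-0000 ***\r\n"),
    ("10.0.0.1", 80, "203.0.113.9", 52000, b"HTTP/1.0 200 OK\r\n\r\nhello"),
]

def scan(segments):
    """Run all segments through one watcher and collect the alerts."""
    watch = BannerWatch()
    return [a for a in (watch.feed(*s) for s in segments) if a]

if __name__ == "__main__":
    for alert in scan(SEGMENTS):
        print("banner returned to unexpected host:", alert)
```

A per-packet content match would miss the second flow here, because neither of its segments contains the whole string.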
