[Dshield] Cisco 0wn3d??

Frank Knobbe frank at knobbe.us
Fri Aug 5 15:22:05 GMT 2005


On Fri, 2005-08-05 at 05:16 -0400, Rob wrote:
> The best way I've found to write signatures for Cisco exploits is to create
> a login banner and watch for that banner to be returned.

uhm... that's a signature for the banner, not the exploit :)

There are probably exploits that don't require anyone to log into the
router, so you won't see a banner. Exploits that require a login should
be contained by using proper ACLs and access restrictions in the first
place.

Or am I missing something here? How is a TCP Option Flag Buffer Overflow
generating a banner?


Curious,
Frank


-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20050805/a42dc8d4/attachment.bin


More information about the list mailing list