[Dshield] Cisco 0wn3d??
frank at knobbe.us
Fri Aug 5 15:22:05 GMT 2005
On Fri, 2005-08-05 at 05:16 -0400, Rob wrote:
> The best way I've found to write signatures for Cisco exploits is to create
> a login banner and watch for that banner to be returned.
uhm... that's a signature for the banner, not the exploit :)
There are probably exploits that don't require anyone to log into the
router, so you won't see a banner. Exploits that require a login should
be contained by using proper ACLs and access restrictions in the first
Or am I missing something here? How is a TCP Option Flag Buffer Overflow
generating a banner?
Ciscogate: Shame on Cisco. Double-Shame on ISS.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20050805/a42dc8d4/attachment.bin
More information about the list