Re: [fw-wiz] Worms, Air Gaps and Responsibility

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 05/10/04

    To: Erick Mechler <emechler@techometer.net>
    Date: Mon, 10 May 2004 15:44:03 -0400 (EDT)
    
    

    On Mon, 10 May 2004, Erick Mechler wrote:

    > :: > I bet you'd see the same sort of behavior from worms no matter what OS the
    > :: > World's critical infrastructures were to run. If they ran *NIX, you'd see
    > :: > more worms targeting those OSs. There's something to be said for
    > :: > heterogeneous computing environments.
    > ::
    > :: Funnily enough, I don't recall a Cisco IOS worm with any traction...
    >
    > Last time I checked, it's also not considered a server/desktop platform :)

    But they are critical infrastructure targets, and they're quite numerous -
    both of them potentially making them attractive to disruptive folks.

    Now, there are several possibilities as to why they're not often targeted
    with automatic malcode:

    1. Lack of platform information (obscurity.)
    2. Cost of platform (availability.)
    3. Specificity of device.
    4. Limited scope of IOS images (IP only vs. Enterprise...)
    5. Killing it kills the attacker's connectivity too.

    It may just be the attacker, it may be the platform, or the lack of being
    a general purpose device. Indeed, it may be a combination of all things.

    There are way more Cisco devices and Linux devices than, say, Solaris devices
    on the 'Net, but the sadmind worm was probably worse than Lion and Adore -
    to me, that says something about platform exposure. Windows Server 2003
    also purports to split some of the RPC risk stuff out - which at least
    should help things.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson
    paul@compuwar.net
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    "My statements in this message are personal opinions
    which may have no basis whatsoever in fact."

