RE: [fw-wiz] Worms, Air Gaps and Responsibility

From: Nathan C. Smith (smith_at_ipmvs.com)
Date: 05/13/04

    To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 13 May 2004 08:33:49 -0500

    Won't it be interesting when people start looking for ways to exploit
    consumer appliances like Wireless Access Points, SOHO Routers, TiVos,
    Xboxes, and other "set-top" boxes that are unhardened in the consumer
    realm? A "set-top box", once infected, might have no way to clear its
    infection short of returning it to the distributor if the programmer was
    clever enough. There is a whole range of devices, with more coming on-line
    every day, that are well-connected and exposed.

    These boxes use common OS variants (Linux, Windows and RTOS) and will be
    relatively inexpensive, so there will be access to the equipment, and common
    vulnerabilities will be available and may go unpatched.

    -Nate

    Paul,
    Even Cisco is not immune to the exploits.
    http://www.enterprisenetworksandservers.com/monthly/art.php/290
    While this was patched quickly by ISPs and others, it did cause intermittent
    outages across the Internet for a period of time (several days). Excerpt
    from the article: "On Wednesday, July 16, 2003, Cisco Systems published an
    advisory warning that Cisco IOS - the operating software of the most widely
    used routers and switches in the world - was carrying a vulnerability that
    could put any unprotected IOS device out of order. Two days later, an
    "exploit" was published on a public mailing list, where hackers explained in
    detail how to reproduce the very packet sequence that would allow anyone to
    "exploit" the vulnerability and bring any unprotected device down."

    Then there was the Nimda worm, which affected Cisco Cable Modem devices (800
    Series); while not critical infrastructure, this disrupted many households'
    Internet access.

    I think it is fair to say any OS has had its share of vulnerabilities over
    the years (some more than others in terms of numbers, but that does not
    necessarily account for the severity). A good share of these have allowed
    remote execution of code (System=Owned). Some historical examples: Sadmind
    for Solaris, rootkits for Unix taking advantage of Portmapper flaws,
    Nimda/CodeRed and Slammer for MS. There are many others; these are just some
    off the top of my head. To say that any one of these is worse than the others
    is simply favoritism, as they all allowed Root/Administrator access to the
    system.
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

