Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
To: Valdis.Kletnieks@vt.edu Date: Wed, 18 Feb 2004 18:36:47 +0100
> We don't see dedicated and targeted attacks at 4 million cablemodem users
> designed to drop off trojans, ddos zombies, and similar.
Sure. I wasn't claiming that worms don't get deployed, neither that they do
not pose a huge problem. My point was rather that the fact something might
not be an addressable target for a worm it doesn't automatically make it an
unattractive target altogether. Just because it can't be mass-exploited,
doesn't mean people are not going to use it as an entry point.
We haven't seen worms for a whole bunch of Unix vulnerabilities that pretty
much appeared in all variants, free or not. Still, these are being actively
exploited on a daily basis.
The fact that these things are not maxing out people's bandwidth or just
make the machine blatantly unusable sure makes them less noticed. However,
if you care about the specific security of data on your network, they're at
risk all the same. In this regard (beat me for this), worms like MSBlaster
sure did have security-enhancing side effect, because people patched their
boxen that otherwise wouldn't have even thought about it - or noticed.
> Many of the worst "dedicated and targeted attacks" of late presuppose the
> presence of a zombie net - preventing the formation of such a net then makes
> the attack a lot harder to carry out.
I'm not talking about DDoS, and a zombie net isn't necessary to obfuscate
the origin of your actions. I mean the 'find target, strike, cover your ass'
sort of attack. VoIP installations sure is an attractive target for such
operations, don't you think?
> And for that matter, installation of a keystroke logger to sniff out credit card
> numbers *IS* a dedicated and targeted attack - on the credit card system.
I don't quite get your point here - did I claim anything else?
Full-Disclosure - We believe in it.