think tank forum

technology » Michael Lynn

 
19 years ago
Trent
I'm sure the majority of you know who this is, but for those who don't, here is a quick explanation. He is a security researcher who used to work for ISS; he quit his job in order to explain a security breach within Cisco's routers. He made his presentation at a Black Hat security conference and proved that hackers could control the Cisco IOS. He never really gave out any information that people didn't know before, but he just proved that hacking into it was possible. Now that around 80% of all routers are Cisco routers, it obviously created a huge security concern and Cisco has been working 24/7 to try to patch this problem. Anyway, a gag order has been put on Mr. Lynn and his presentation has been banned from public access (although pictures and pieces of it still drift around on the net). Anyway, I thought it was kind of a cool story and was wondering what all of you thought about it.
 
19 years ago
dbrown
it's pretty interesting in my opinion, because it's a very conventional attack (buffer overflow to insert commands allowing enabled access). first of all it's only on ipv6 so there's not too much of a threat there. also, cisco released a patch for it but the nature of the fix is unknown. whether it's memory remapping so you'd have to re-reverse engineer it to find out where to send data for control, or an actual reworking of the ios to avoid those overflows. personally i think if cisco hadn't made such a big deal about it and just patched quickly, there wouldn't have been such a big buzz and spread of the exploit. but yeah, that's my 2 cents.

19 years ago
lucas
i ❤ demo
i emailed the story to mr. tolton on august 3rd. he never replied, as was expected.
 
19 years ago
Trent
And I think Cisco wouldn't have stepped in if it wasn't for Mr. Lynn presenting it at a public place.

Here is a related article I saw on wired news
http://wired.com/news/privacy/0,1848,69488,00 … _tophead_5
 
19 years ago
dbrown
anyone have a copy of the presentation? i'm having quite the time trying to find it.

19 years ago
lucas
i ❤ demo
probably because it's exactly what the largest networking firm doesn't want you to see
 
19 years ago
Trent
sorry, I tried getting a copy, but I couldn't find it either
 
19 years ago
dbrown
they issued gag orders on toms hw and others after they had it online but i've heard there are copies in circulation esp on bittorrent. i was just hoping someone grabbed it before it was taken down.
 
19 years ago
dbrown
oh snap
http://www.securitylab.ru/_Exploits/2005/07/lynn-cisco.pdf
 
19 years ago
Trent
nice work, it's a very interesting presentation. I could also use some programming knowledge to fully comprehend it.

19 years ago
dannyp
dʎuuɐp
as with most hacks that relate to computers.

19 years ago
lucas
i ❤ demo
yeah. the code (structs/ptrs/decs) is all in C, it seems