I should not be too aware of the possible usage of this source code for the exploit development; Cisco have a very few points, where it parse/process IP packets, and most of such points are filtered out in most Cisco's. Much more serious is _trade secrets_ issue. Of course, no one can take this codes and use them on their equipment, or grab library and reuse it. But, unfortunately, Cisco's codes should have many small tricks, smart design solutions and so on, which makes IOS so efficient, and this things can be reused by competitors (unfortunately for Cisco, only a few West countries respect author's rights, in other people are free to purchase this source codes from the hacker and use as much as they do want). (Of course, this leak can result in a few more SNMP exploits - but it is well known Issue /it is impossible to write out safe code for ASN.1 parser, in real world/ - what's a surprise!). ----- Original Message ----- From: "Scott Call" <scall@devolution.com> To: <nanog@merit.edu> Sent: Sunday, May 16, 2004 1:02 AM Subject: Re: CiSCO IOS 12.* source code stolen
On Sun, 16 May 2004, Henry Linneweh wrote:
You do not have to steal the code, you can buy a cisco router from an equipment reseller and have all the access you want.....
I wasn't aware you got a source license when you purchased Cisco gear. I need to have a talk with my reseller...
smart-assitude aside, I do hope fallout is minimal and easily worked around. Hopefully even the script kiddies and other black hats understand that undermining the infrasture of the 'net would make all of their DDOS and SPAM zombies unusable.
-S
-- Scott Call Router Geek, ATGi, home of $6.95 Prime Rib I make the world a better place, I boycott Wal-Mart VoIP incoming: +1 360-382-1814