If we assume that the router mentioned in the following cracking incident is a popular model we all use: what other than zapping the FlashROM could this attacker have done? We all know that <big popular vendor>'s firmware source code has hit the pirate BBS's a year or two back: could someone have compiled a rogue image that can actually fry some router components (I can think of plenty of nasty things with serial ports transmitting too fast for their own good - and burn the driver chips)?

http://www.denverpost.com/business/biz1012d.htm
By the way that article reads, I would guess the attack was not exceptionally sophisticated. (Everyone's definition of sophisticated is different).

If one removed the config-reg (or renamed it) function on a small Cisco's firmware one could quite effectively change the passwords and make it difficult for a not very technical group of admins to take it back.

Since there is talk about moving their main router behind a firewall, my guess is that they are using a routing appliance rather than any sophisticated routing hardware. The $18,000 replacement is probably for a different vendor, not because the hardware has lost function.

This is all wild conjecture because I haven't seen any alerts from vendors in their normal channels. :)

Deepak Jain
AiNET

On Thu, 12 Oct 2000, Kai Schlichting wrote:
> If we assume that the router mentioned in the following cracking incident is a popular model we all use: what other than zapping the FlashROM could this attacker have done? We all know that <big popular vendor>'s firmware source code has hit the pirate BBS's a year or two back: could someone have compiled a rogue image that can actually fry some router components (I can think of plenty of nasty things with serial ports transmitting too fast for their own good - and burn the driver chips)?
On Thu, 12 Oct 2000, Deepak Jain wrote:
> By the way that article reads, I would guess the attack was not exceptionally sophisticated. (Everyone's definition of sophisticated is different).
>
> If one removed the config-reg (or renamed it) function on a small Cisco's firmware one could quite effectively change the passwords and make it difficult for a not very technical group of admins to take it back.
>
> Since there is talk about moving their main router behind a firewall, my guess is that they are using a routing appliance rather than any sophisticated routing hardware. The $18,000 replacement is probably for a different vendor, not because the hardware has lost function.
>
> This is all wild conjecture because I haven't seen any alerts from vendors in their normal channels. :)
>
> Deepak Jain
> AiNET
I would tend to agree.
From the DenverPost:
"Eagle Network, which has an environmental bent, services 100 Web sites and has 220 customers for its e-mail service, eagle-access.net."

I feel bad for these folks. I don't know of many 25xx/26xx (guessing) based providers who keep hot-spares on site but I'm fairly certain that they could have obtained a temp-replacement router of nearly any make and configuration for the cost of shipping during that timespan.

---
John Fraizer
EnterZone, Inc.