Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Dan Kaminsky (dandoxpara.com)
Date: Thu Jul 01 2010 - 11:38:55 CDT
And this is why BreakingPoint matters: Because, oh man, network people let
manufacturers get away with shipping some really fragile code.
If a Windows desktop fell over because you looked at it funny -- and lets be
honest, nmap -sV is quite literally, looking at something funny -- it'd be
an unambiguous remote DoS and we'd laugh at Microsoft if they said we should
deploy best practices to deal with it. Now, if the networking equipment in
question was a $75 Linksys router, sure. There's a million ways to knock
those things over, and you get what you pay for.
But genuinely expensive gear? Some of that budget needs to start going into
On Thu, Jul 1, 2010 at 1:07 PM, Dobbins, Roland <rdobbinsarbor.net> wrote:
> On Jul 1, 2010, at 5:23 PM, Thierry Zoller wrote:
> > If a device crashes when being scanned - it's a vulnerability.
> It sounds to me as if what happened was that he ended up driving the CPUs
> of the devices in question to 100%, and they stopped handling control-plane
> traffic and fell over. There are infrastructure self-protection best
> current practices (BCPs) which can be deployed to defend against
> infrastructure-targeted DoS.
> I've only seen this happen a few hundred times or so, so I could be wrong,
> of course.
> As the original poster posited:
> > Is this a configuration error of the networking devices?
> The answer is, almost assuredly, "Yes."
> Roland Dobbins <rdobbinsarbor.net> // <http://www.arbornetworks.com>
> Injustice is relatively easy to bear; what stings is justice.
> -- H.L. Mencken
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/