[Full-disclosure] Cisco IOS Shellcode Presentation
security at brvenik.com
Fri Jul 29 21:52:45 BST 2005
> Second, the exploit is limited to local network segment, except it seems to
> me a worm that spreads from router to router could spread via the local
> network since a local network segment is usually defined as the wire between
> two routers.. Infection would spread from one router to it's peers, to those
> peers, etc. (please correct me if I'm wrong)
The different local segments are rarely connected via like routers with
like images. You might get several local segments but then you have the
edges which are almost always a different model.
Today it is unlikely that the ipv6 issue could cause wide spread outage
since it cannot traverse routers. There may very well be other issues
discovered that can traverse routers but they are still unlikely to be
successful as a self propagating worm in large scale.
It is likely very feasible to infect like systems and even potentially
several different systems with a worm but the overhead and timings
involved push that reality out a little bit on the threat time line. A
nation might have done this work already but I am doubtful they would
release it without good cause.
The risk goes up significantly when Cisco moves to a virtualized process
space since become very likely.
Full-Disclosure is hosted and sponsored by Secunia.