主页 / 安全论文每日读 / Cisco IOS Router Exploitation
  • 作者
    GoSSIP @ LoCCS.Shanghai Jiao Tong University
  • 简介

    Cisco IOS Router Exploitation 来自BlackHat'2009。作者讨论了Cisco IOS路由器中的漏洞利用问题。

    Available Vulnerabilities

    • 2008 年Cisco Systems’ Product Security Advisory公开了14个漏洞,基本上所有的描述都是造成DoS
    • 有理由相信不是memory corruption而是 insufficient handling of exceptional states
    • Service Vulnerabilities
      • 防火墙,导致现在(2009年)攻击开始从server向client转移
      • Cisco IOS里有HTTP(S), FTP, TFTP, SSH, TELNET, 但是”For attackers seeking to gain control of important network infrastructure, such services are not of interest, as well-managed networks will not make use of such services on their core routing infrastructure.”
      • 网络设备中会使用的协议EIGRP, OSPF, ISIS, BGP
        • BGP: the service will not be visible as such to any remote network node
        • Other routing specific services, such as OSPF and EIGRP, require the network traffic to be received on an IPv4 multicast address, effectively making - sure that the sender is within the same multicast domain as the receiving router.
        • 但是Cisco IOS IP options vulnerability是一个例外
        • 其他今年加入到IOS的服务包括VoIP, SSL VPN, 包过滤Web Service Management Agent(SOAP),XML-PI和H.323
    • Client Side Vulnerabilities:But up until now, client side vulnerabilities have not played any role in Cisco IOS attacks.
    • Transit Vulnerabilities
      • triggered by traffic passing through the router
      • Transit Vulnerabilities are extremely rare.
        • 原因在于包转发通过fast-path转发,所以除了第一个包之外,其他的处理过程都通过硬件来做了。。
        • 还有一些包会被”punted”, 从硬件退回给CPU来处理,作者提了两个可能:(1)目的IP是Router自己,但是这就不再是一个Transit Vul了;(2)IP fragment reassembly
      • So far, no true Transit Vulnerability is known to the author.
  • 援引
    http://www.securitygossip.com/blog/2016/04/22/2016-04-22/
  • 提示
    本站仅做资料的整理和索引,转载引用请注明出处
相关推荐
附件下载
  • Cisco.IOS.Router.Exploitation.阅读笔记.pdf
    时间: 大小: 0.11 M 下载: 90