by rodgerd 3840 days ago
> some type of exploit for the Cisco ASA as well

Given ASAs run a 2.6 kernel that's not hard. From my Kiwicon 8 notes on Alec Stuart-Muirk's talk:

* Literally every protocol handler has CVEs against it.

* Every time Cisco add a new one it gets at least a DoS CVE. (There are some proofs of concept for pivoting these into real exploits on other Cisco products.)

* The ASA’s high availability protocols are unauthenticated and unencrypted. This is bad. Like, “will accept any packet claiming to be a management packet as valid” bad.

* Some authentication is optionally available, but if you enable it, the ASA will still accept unauthenticated protocols.

2 comments

I think this might be the slides [1], though if anyone has a video of the talk I'd love to watch it.

[1] https://ruxcon.org.au/assets/2014/slides/Breaking%20Bricks%2...

Because they can (allegedly) survive software upgrades (on the ASAs and IOS routers), I've always believed that these "infections" are done at a lower level than the OS, such as in the ROMMON on the IOS routers.

After hearing about "SYNful Knock" recently, I'm inclined to believe this even more.