by tptacek 3597 days ago
The point of EXTRABACON isn't to break into networks protected by an ASA; it's to persist onto that network by infecting the firewall after you manage somehow to bypass it. It's of a kind with exploits for other firewalls through management interfaces that can't be reached on the public interface.
1 comments

Still, I wonder how long before we see it weaponized by adding this as a payload to ordinary desktop malware. A nice trick would be something that scans the local network, infects the ASA (people are pretty good about keeping SNMP off the internet, possibly less good about keeping it off the internal interfaces), and then does HTTP injection from the ASA with SecondDate of either a malicious or advertising payload.