Slashdot Mirror
Malformed Packet Causes Cisco Router DoS
MoreBeer writes "Patch 'em if you've got 'em... Cisco Security Advisory: Cisco IOS Malformed OSPF Packet Causes Reload states that a malformed OSPF packet can cause a router 'reload' (reboot). Vulnerable IOS versions include 12.0S, 12.2, and 12.3 ... If you're not screening OSPF at your perimeter and using OSPF Authentication, now would be a GREAT time to start."
I notice that Cisco isn't displaying this on their front page. It seems like they should be screaming for everybody to fix the problem.
Quick walkthrough that I usually reference:
Easy example how to setup OSPF Authentication
AC
Linux is secure.
Waited too longs, we didss....
Before someone has a chance to reset my r
Kinda old news actually - the article posted @ 15:00GMT, which is 8:00am my time. But I drank too much beer last night so I wasn't awake...:)
I was in the park the other day wondering why frisbees get bigger and bigger the closer they get - and then it hit me.
All your routers are belong to us.
at the risk of stating the obvious: if you were a new customer and went to a company's site and it was splattered with all manner of warnings, update calls, and exploit workarounds....would you buy that product?
If you have a cisco, you should already know where the errata, update, exploit-watch pages are and read them everyday. You should already know this. Why would cisco put that shit on the front page?
Don't problems like this only happen to Microsoft?
Patch 'em if you've got 'em...
What a crock of shit. Everybody knows Cisco boxes are no route to host
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
May I recommend OpenBSD with carp as a alternative.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first
organization which gathers GAY NIGGERS from all over America and abroad for one
common goal - being GAY NIGGERS.
Are you GAY [klerck.org]?
Are you a NIGGER [mugshots.org]?
Are you a GAY NIGGER [gay-sex-access.com]?
If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER
ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy
all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing
GAY NIGGER community with THOUSANDS of members all over United States of
America and the World! You, too, can be a part of GNAA if you join
today!
Why not? It's quick and easy - only 3 simple steps!
First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it. You can download the movie [idge.net] (~130mb) using BitTorrent.
Second, you need to succeed in posting a GNAA First Post [wikipedia.org] on slashdot.org [slashdot.org], a popular "news for trolls" website.
Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up
today! Upon submitting your application, you will be required to submit
links to your successful First Post, and you will be tested on
your knowledge of GAYNIGGERS FROM OUTER SPACE.
If you are having trouble locating #GNAA, the official GAY NIGGER
ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network.
The correct network is NiggerNET, and you can connect to
irc.gnaa.us as our official server. Follow this link [irc] if you are using an irc client such as mIRC.
If you have mod points and would like to support GNAA, please moderate this post up.
It would be better if it was a tad darker, and maybe a little less saturated.
I had to look it up. OSPF
Can't you smell/take a joke?
GNAA announces hostile takeover of Electronic Arts Zeikfried - Reuters, Nigeria. In a hushed press conference held at the GNAA compound in blackest Nigeria, the cream of the journalistic crop from IGN, Gamespot, Gamespy and various other overpriced ad-infested shitholes gathered from across 4 continents to witness what has been described as the most shocking announement of the post-E3 market. The purchase of a controlling stock of industry leading publisher Electronic Arts by the increasingly aggressive venture capitalists of the GNAA. After keeping the illiterate troglodytes waiting for several hours, leading GNAA members Timecop, Penisbird and goat-see, along with Electronic Arts president and CEO John Riccitiello, pulled up in the specially commisioned GNAA Limo, now fully armoured to protect from the ever present threat of terrorism from zionist #politics oppers. All four were, as usual, stark naked due to the searing Nigerian heat, and were instantly greeted by a cacophony of flashbulbs and excited chatter from the wretched sodomites and college dropouts that populate the world of gaming, including a shower from the furiously masturbating IGN editor Matt Cassamassina. "This is a new day for Electronic Arts" exploded the now fully erect Riccitiello, "and a new day for the Gay Nigger Association of America. Now no longer will the significant Gay Nigger minority be ignored by the racist cartels and Japanese Xenophobes that hold a tight noose on the gaming industry." Shortly afterwards, following a brutal anal violation by nordic Gay Nigger DiKKy, the now broken and bleeding John Riccitiello was replaced by the newly appointed head of the GNAAs gaming devision, Zeikfried Tuvai. "This change is no mere financial step, or a changing of the guard, this will be an absolute fucking revolution. Work on our titles has already begun, I shit you not." Tragically the conference was then cut short by a failed assassination attempt on the GNAA leadership by efnet #politcs opper and known fascist paedophile "Pickle", who was quickly disarmed by GNAA security and silenced by a large black phallus. However a press release has been issued to Reuters and the Associated Press, and is as follows: Shitflood Gaia (GC/PS2/Xbox) Q4 2004 - A management sim, where the otaku scum of internet have gathered into a single drinking hole for quick extermination. The player must control his assets wisely to gain the maximum number of bites from the unsuspecting and unintelligent regulars in order to max out his LastMeasure meter and gain access to his most potent weapon, floodphpbb. Americas Army - Operation #politics (PC (Windows Only)) Q4 2004 - GNAA/EA and the armed forces of the United States of America unite to bring the reality of the T.W.A.T to your Windows box this Christmas. This third-person shooter throws you in charge of the GNAA efnet black ops, as you struggle against corrupt IRC operators, Mossad agents, Nick Berg's head and eventually FreeTrade himself in an explosive struggle in the name of freedom and democracy. Penisbird's Cock Perch Panic (GBA) Q1 2005 - A coup by OSDN shock troops threatens to overthrow the President, defeat the unwashed scum by guiding Penisbird onto their prone member, disarming them once and for all. As you move through the levels you must dodge traps laid by the increasingly desperate CmdrTaco, including CowboyNeal himself. Can you dodge his sentient rolls of lard to perch on CowboyNeal's notoriously miniscule penis? Find out for yourself in 2005! About EA: Electronic Arts (EA) is the world's leading independent developer and publisher of interactive entertainment software for personal computers and advanced entertainment systems such as the PlayStation®2 Computer Entertainment System, the PlayStation®, Xbox(TM) video game console from Microsoft, the Nintendo GameCube(TM) and the Game Boy® Advance. Since its inception, EA has garnered more than 700 awards for outstanding software in the U.S. and Europe. EA markets its products worldwide under four brand logos and has over 33 product franchis
What a great time to post a link to www.routergod.com! Here are the two parts of Seven of Nine's lecture on OSPF:
http://www.routergod.com/sevenofnine/
http://www.routergod.com/sevenofnine/ospf_part_2.h tml
Just use static routes!
I don't have to patch a single router. We don't use OSPF and it isn't turned on by default. This isn't like there is some hidden service that I'm not expecting the device to be running and now I must absolutely patch.
I don't want knowledge. I want certainty. - Law, David Bowie
GNAA announces hostile takeover of Electronic Arts
Zeikfried - Reuters, Nigeria.
In a hushed press conference held at the GNAA compound in blackest Nigeria, the cream of the journalistic crop from IGN, Gamespot, Gamespy and various other overpriced ad-infested shitholes gathered from across 4 continents to witness what has been described as the most shocking announement of the post-E3 market. The purchase of a controlling stock of industry leading publisher Electronic Arts by the increasingly aggressive venture capitalists of the GNAA.
After keeping the illiterate troglodytes waiting for several hours, leading GNAA members Timecop, Penisbird and goat-see, along with Electronic Arts president and CEO John Riccitiello, pulled up in the specially commisioned GNAA Limo, now fully armoured to protect from the ever present threat of terrorism from zionist #politics oppers. All four were, as usual, stark naked due to the searing Nigerian heat, and were instantly greeted by a cacophony of flashbulbs and excited chatter from the wretched sodomites and college dropouts that populate the world of gaming, including a shower from the furiously masturbating IGN editor Matt Cassamassina.
"This is a new day for Electronic Arts" exploded the now fully erect Riccitiello, "and a new day for the Gay Nigger Association of America. Now no longer will the significant Gay Nigger minority be ignored by the racist cartels and Japanese Xenophobes that hold a tight noose on the gaming industry."
Shortly afterwards, following a brutal anal violation by nordic Gay Nigger DiKKy, the now broken and bleeding John Riccitiello was replaced by the newly appointed head of the GNAAs gaming devision, Zeikfried Tuvai.
"This change is no mere financial step, or a changing of the guard, this will be an absolute fucking revolution. Work on our titles has already begun, I shit you not."
Tragically the conference was then cut short by a failed assassination attempt on the GNAA leadership by efnet #politcs opper and known fascist paedophile "Pickle", who was quickly disarmed by GNAA security and silenced by a large black phallus. However a press release has been issued to Reuters and the Associated Press, and is as follows:
Shitflood Gaia (GC/PS2/Xbox) Q4 2004 - A management sim, where the otaku scum of internet have gathered into a single drinking hole for quick extermination. The player must control his assets wisely to gain the maximum number of bites from the unsuspecting and unintelligent regulars in order to max out his LastMeasure meter and gain access to his most potent weapon, floodphpbb.
Americas Army - Operation #politics (PC (Windows Only)) Q4 2004 - GNAA/EA and the armed forces of the United States of America unite to bring the reality of the T.W.A.T to your Windows box this Christmas. This third-person shooter throws you in charge of the GNAA efnet black ops, as you struggle against corrupt IRC operators, Mossad agents, Nick Berg's head and eventually FreeTrade himself in an explosive struggle in the name of freedom and democracy.
Penisbird's Cock Perch Panic (GBA) Q1 2005 - A coup by OSDN shock troops threatens to overthrow the President, defeat the unwashed scum by guiding Penisbird onto their prone member, disarming them once and for all. As you move through the levels you must dodge traps laid by the increasingly desperate CmdrTaco, including CowboyNeal himself. Can you dodge his sentient rolls of lard to perch on CowboyNeal's notoriously miniscule penis? Find out for yourself in 2005!
About EA:
Electronic Arts (EA) is the world's leading independent developer and publisher of interactive entertainment software for personal computers and advanced entertainment systems such as the PlayStation®2 Computer Entertainment System, the PlayStation®, Xbox(TM) video game console from Microsoft, the Nintendo GameCube(TM) and the Game Boy® Advance. Since its inception, EA has garnered more than 700 awards for outstanding software in the U.S. and Europe.
EA markets its products worldwide under
Life as we know it would end....
lunix fanb0yz suck
free longhorn key hear
WONGY-BONGY-DONGY-QOMGY-PONPY
Fuck you RAB MALTA
conf t
access-list 150 deny ip 10.0.0.0 0.255.255.255 any
access-list 150 deny ip 127.0.0.0 0.255.255.255 any
access-list 150 deny ip 169.254.0.0 0.0.255.255 any
access-list 150 deny ip 172.16.0.0 0.15.255.255 any
access-list 150 deny ip 192.168.0.0 0.0.255.255 any
access-list 150 deny ip 224.0.0.0 15.255.255.255 any
access-list 150 deny ip 240.0.0.0 7.255.255.255 any
access-list 150 deny ip 248.0.0.0 7.255.255.255 any
access-list 150 deny ip host 255.255.255.255 any
access-list 150 deny 89 any any
access-list 150 permit ip any any
interface
ip access-group 150 in
exit
exit
wr mem
when the coverage isn't great, receiving txt messages makes my cell phone reboot several times.
Unless you're buying those dumb-ass phones, cisco doesn't care about you. Router?? What's that..oh you MUST mean "integrated voice gateway" right?
BWAHAHAHAH..
:P
Security holes are funnny. It'll be funnier when I wake up one day and find out that the Internet broke.
To be honest, if this causes trouble for you then it's your own damn fault. If you accept OSPF packets from the Internet and/or you're not doing OSPF authentication then you deserve to be pwned.
1. Don't use an IGP on an exterior interface.
2. Don't send out routing updates on subnets/interfaces that don't need it. (For those of you with L3 switches that means using the passive-interface command on your vlans.)
3. If your routing protocol offers an authentication option then use it.
I used to think these things were obvious. Then I started interviewing other "senior" network engineers and realized they may not be...
(BTW, kiddies, if you say you're a "senior network engineer" and you say that you know OSPF and I ask you if OSPF uses multicast or unicast and when does it use it/them then you had better be able to answer the question...)
"Where quality is like a dead stinking rat - you just can't miss it."
If you're not screening OSPF at your perimeter and using OSPF Authentication, now would be a GREAT time to start.
No, it's actually a horrible time to start! People should already be doing this.
Here you go!
-Rob
Marriage doesn't have to suck!
Seems like the kind of flaw that Alcatel hopes to profit from...
Alcatel hopes security will get users to switch
Although as we all know if Alcatel was the market leader more people would be finding flaws in Alcatel products instead of Cisco...
All the torrents you could want.
Malformed color scheme Causes Eyes to Bleed
/. sections include IT and Games. If you're not already using a /. deuglifyer, you should use the fix provided here."
"Slashdot Security Advisory: Slashdot Color Scheme states that a malformed IT Color Scheme can cause a eyes to 'bleed' (fall out). Vulnerable
A few years ago I worked at a place where we had two Cisco PIX (the 1U widgets, dunno what model, sorry) in a failover configuration. For those that don't know, you can run two kinds- stateful and non-stateful failover.
In stateful failover mode, the two units share their connection state info over a dedicated ethernet crossover cable- in theory, if one unit's hardware shits the bed, the other one immediately notices and takes over, and all users will notice is maybe a few seconds pause in everything, if that. It's all very clean and good, the slave even takes over the MAC address of the failed unit (something they've patented, and hence isn't useable in Linux HA; Linux has to force an ARP announcement, which is messier. Goooooo Cisco!)
Anyway, that's great, except when you have a software defect. Oh, say...where the PIX OS (PIXes didn't run IOS or whatever, they ran a separate OS unique to the PIX family) gets into a certain situation based on state and locks up hard.
Well, guess what happens to its twin, running the same PIX OS version, and sharing the same data? Yup, it crashes too.
The pair actually did it once right in front of us- one stopped blinking its lights...the master/slave light blipped on the backup unit, and then a few seconds later, it too crashed- and everything ground to a halt.
It was terribly amusing that Cisco was incompetent enough to not include a hardware watchdog in the PIX box so that if it hung it would reboot itself; my Sonicwall SOHO has this, why can't a PIX for chrissakes? The problem only happened every few days, and would have been manageable(ie ignorable ;-) if they had both simply rebooted themselves. Instead, someone had to trundle in and power cycle both of them, until we figured out that it was state-based, and disabled stateful failover. Then someone just had to check every day to make sure one of them hadn't kicked the bucket.
Please help metamoderate.
http://shit.slashdot.org/article.pl?sid=04/08/18/2 050220&threshold=-1&tid=172
WTF is OSPF?
TAC is a little shell script that pretends to correspond with you a little bit, then tells you to upgrade your IOS. Seriously, I've opened a lot of tickets with TAC in the last few years and that has been their answer in every single one.
At least they could have used perl or something so the correspondence part didn't take as long.
shout the loudest sho8t of a miracle
Step 1.) Tell customer to upgrade ios even though you cannot pin point a root cause or data that supports this as a reasonable solution.
Step 2.) Tell customer they have a worm running rampant in the network. When asked by the customer why you think this is the case, do not repond for several days. When you do respond, ask only if they have taken care of the worm.
CINCINNATI BELL IS TEH SUCK.
A color scheme worse than IT!
And not just a little worse.
This well reported several months ago.
So I recomend ppl to go study the noncomercial docs (books specs rfcs papers whatever) FIRST, then do the manuals. Else you don't know for real how things work. You're almost a certified acronym freak.
Very dangerous how nowadays the default to get a "network admin" is looking just for CCNA or CCIE or whatever thing they make up. Not even M$ has a hold of a market like this. Compare in contrast programming (pick language), unix admin... Though i wouldn't be surprised the Java world does the same trick; they have that attitude.
Also, don't you think its a very bad situation where most internet termination ends up on one single company? When they start to own standards comitees and thus decide what gets in or out? I have very bad experience dealing with this kind. They don't have the researcher's view, or the ppl who do it just because they like the subject.
IMHO this is companies taking over. With all what that implies. And no government or organization is putting a limit. And the user base doesn't respond as on other cs areas. It feels quite sad for some of us.
I have a PIX 501-- is it affected by this vulnerability? It's hard to tell from the report..
Not All Who Wander Are Lost
I've noticed a few sites aren't displaying *anything* on their front pages. Lots of amateurs out there with broken networks today...
future. Even EFNet servers.
Futu8e. Even
So, does this count as a chernobylgram?
TTFN
I don't see where the article details that an adjacency is necessary. Maybe you could point that out for me? I see 'a malformed packet' as in one packet, received by the router.
CINCINNATI BELL IS TEH SUCK.
IIRC, the PGP client sent out some sort of malformed LDAP packets when it sent its key to the server. I managed to crash my university's router something like 19 times before I realized it was me. I cut off all Net access for days, people were fuming. Maybe this was it.
BGP outside, OSPF inside, and firewall in between. Authenticated OSPF isn't a fix, MD5 has ben broken too.
Comment removed based on user account deletion