Developed for wide deployment in the world’s most demanding enterprise, access, and service provider aggregation networks, Cisco IOS Software Release 15 M and T provides a comprehensive portfolio of Cisco technologies, including the leading-edge functionality and hardware support from Releases 12.4 and 12.4T. Release 15 M and T key innovations span multiple technology areas, including Security, Voice, High Availability, IP Routing and Multicast, Quality of Service (QoS), IP Mobility, Multiprotocol Label Switching (MPLS), VPNs, and Embedded Management. Release 15 M and T provides customers new feature release delivery and hardware support in a shorter amount of time, broadened feature consistency, [...]

During the Black Hat USA 2009, Felix “FX” Lindner has presented his researches concerning the exploitation of memory corruption software vulnerabilitiesin Cisco IOS. “The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that exploitation of such vulnerabilities in the wild is not currently the case. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.” says Felix ‘FX’ Lindner in his “Cisco IOS Router Exploitation” abstract.

On February 16th, SuproNet, a local Czech provider, single-handedly caused a global Internet meltdown for upwards of an hour today. SuproNet accomplished this feat by sending out a rather unusual routing update, one which a lot of routers did not handle very well. The result was Internet bedlam. “What we think happened next is the Internet equivalent of a massive buffer overflow. While most of the core routers run by major ISPs fared just fine, processing the ridiculous path and sending it on, others choked. Perhaps they weren’t as well maintained or were running buggy software. These routers viewed the [...]

Surfing the web, I have found a nice talk on Cisco IOS Forensics and Exploits, explained during the 25C3: “Cisco IOS Attack & Defense – The State of the Art“. What is 25C3? The 25th Chaos Communication Congress (25C3) is the annual four-day conference organized by the Chaos Computer Club (CCC). It takes place at the bcc Berliner Congress Center in Berlin, Germany. The Congress offers lectures and workshops on a multitude of topics and attracts a diverse audience of thousands of hackers, scientists, artists, and utopians from all around the world. Here a summary written by FX “To summarize [...]