Feb 3, 2009
Valentine’s Day – Any ideas?

What do you hope to receive from your loved one? A romantic dinner, a CD, a perfume, a PDA or an iPhone? I think that Cisco may just give you the idea that you need. :-)

Jan 29, 2009
The PPDIOO network lifecycle

One of the first topics presented in the “Designing for Cisco Internetwork Solutions (DESGN)” book is the network design methodology. This methodology is composed of six closely related phases: prepare, plan, design, implement, operate, optimize. As shown in this figure, the PPDIOO lifecycle phases are separate, yet closely related.

Jan 26, 2009
Cisco IOS: Attack & Defense

Surfing the web, I have found a nice talk on Cisco IOS Forensics and Exploits, presented during the 25C3: “Cisco IOS Attack & Defense – The State of the Art”. What is 25C3? The 25th Chaos Communication Congress (25C3) is the annual four-day conference organized by the Chaos Computer Club (CCC). It takes place at the bcc Berliner Congress Center in Berlin, Germany. The Congress offers lectures and workshops on a multitude of topics and attracts a diverse audience of thousands of hackers, scientists, artists, and utopians from all around the world. Here is a summary written by FX: “To summarize […]

Jan 22, 2009
2 new Cisco critical vulnerabilities

On 21 January 2009, Cisco published two new security advisories covering vulnerabilities that can be exploited by malicious people to conduct a DoS attack or a remote control attack. The two vulnerabilities are: Cisco Security Manager Vulnerability and Cisco Unified Communications Manager CAPF Denial of Service Vulnerability.

1) Cisco Security Manager Vulnerability

Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server. Cisco […]

Jan 21, 2009
How to test Cisco IOS FTP Server Multiple Vulnerabilities

On 09 May 2007, Cisco published a security advisory about multiple IOS FTP Server vulnerabilities. Cisco IOS FTP Server is prone to multiple vulnerabilities including a denial-of-service issue and an authentication-bypass issue. Attackers can exploit these issues to deny service to legitimate users, gain unauthorized access to an affected device, or execute arbitrary code. Only IOS devices that have the FTP Server feature enabled are vulnerable; this feature is disabled by default. The vulnerable products are IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4 that contain the IOS FTP server feature.

Jan 19, 2009
Preventing STP forwarding loops

The Spanning Tree Protocol is an OSI layer-2 protocol that ensures a loop-free topology for any bridged LAN. Spanning tree allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links. Bridge loops must be avoided because they result in flooding the network. The Spanning Tree Protocol (STP) is defined in the IEEE Standard 802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and […]

Jan 15, 2009
3 new Cisco critical vulnerabilities

Yesterday Cisco published 3 different vulnerabilities, which can be exploited by malicious people to conduct a DoS attack or a remote control attack.

1) Cisco ONS Platform Crafted Packet Vulnerability

The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching Platform contain a vulnerability when processing TCP traffic streams that may result in a reload of the device control card.

Jan 13, 2009
DOCSIS 3.0: Modems Over 300 Mbps

Cisco Systems is developing a cable modem that will use Broadcom’s recently announced DOCSIS 3.0 silicon to bond together eight downstream channels – letting cable providers, theoretically, pump Internet content down to subscribers at more than 300 Mbps. According to Bekele, the idea with the eight-downstream-channel devices is to let cable operators future-proof their installed base of DOCSIS modems. So while a cable operator wouldn’t necessarily introduce a 300-Mbps Internet tier initially, that latent capacity would be available down the line.

Jan 8, 2009
Wireless Home Audio system

During the CES show, Cisco did just that with its new Linksys by Cisco Wireless Home Audio system, a multi-room audio solution that will be positioned as a direct – and less expensive – competitor to the Sonos multi-room wireless system. The Wireless Home Audio system utilizes Wireless-N technology to deliver a rich audio experience to any room in the home. Users can create a party atmosphere with immaculate synchronization when listening to the same song throughout the entire home, or send different music to customized “zones”.

Jan 7, 2009
Cisco Global Site Selector Appliances DNS Vulnerability

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

Vulnerable Products

The following GSS products are affected by this vulnerability:

Cisco GSS 4480 Global Site Selector
Cisco GSS 4490 Global Site Selector
Cisco GSS 4491 Global Site Selector
Cisco GSS 4492R Global Site Selector