By Kelly Jackson Higgins
March 24, 2009
The dirty little secret about patching routers is that many enterprises
don't bother for fear of the fallout any changes to their Cisco router
software could have on the rest of the infrastructure. But the recent
discovery of a way to easily hack the devices has turned upside down
conventional wisdom that patching routers is more of a risk than an
actual attack on these devices.
Researcher Felix "FX" Lindner's research earlier this year demonstrated
that multiple versions of routers can be attacked -- specifically,
Cisco's PowerPC routers -- shooting down the assumption that hacking
routers requires separate exploits for each type of router. Enterprises
traditionally have been content to avoid patching their Cisco routers
because the chances of a major breach was less likely than the
possibility of an unintentional outage from a router update.
"The underlying problem is that you cannot patch IOS -- you always need
to update the entire image. And with this comes all kinds of
compatibility issues with your configuration, hardware, and setup," says
Lindner, a researcher with Recurity Labs.
Lindner demonstrated with his research that all an attacker needs is
basic knowledge about the targeted device, rather than specifics of the
IOS configuration. His exploit method applies to stack-buffer overflows,
and he was able to execute memory writes and to disable CPU caches on
Cisco routers running on the PowerPC CPU.
Best Selling Security Books and More!