
A credible plan to take down the Internet

Old and In the Way, Wed Aug-10-05 11:56 AM
Original message
A credible plan to take down the Internet
I thought this article might be of interest to the DU community. I don't think CNET is a wacko source for computer/internet security issues.

I wasn't sure where to post this, so here it is:

A credible plan to take down the Internet
By Robert Vamosi
Senior editor, CNET Reviews
August 5, 2005


Forget the Fantastic Four. As I write, the forces of Good (the White Hats) and Evil (the Black Hats) are fighting for control of the Internet as we know it. At stake is the exploitation of flaws affecting the once-invincible Cisco router hardware, which currently carries most of the Internet's traffic on a daily basis. Once a working exploit for the Cisco IOS Shellcode is available on the Internet, it'll be only a matter of days before someone finds a way to craft it into a network worm. And then it's going to be a rough ride for everyone who uses the Internet. Unless, of course, the forces of Good prevail.

Hyperbole? Perhaps, but a credible threat to the infrastructure of the Internet does exist. All indications suggest that the clock is ticking toward some kind of showdown between criminal hackers and the good guys. Unfortunately, the bad guys have a head start.

The threat
Prior to this year's Black Hat security conference, security researchers and network administrators assumed that Cisco routers were invincible, a reputation that surely helped lead to the widespread adoption of Cisco routers across the Internet. The Cisco operating system is proprietary, and much of the specific internal hardware in the Cisco router is undocumented. Until recently, the idea of penetrating the Cisco Shellcode via remote access was fanciful. That was before security researcher Michael Lynn stepped up to the lectern at this year's Black Hat conference, and after first stumbling through a deliberately faux presentation on VoIP security, proceeded to describe some (but not all) of his research to a skeptical audience. During his presentation, Lynn offered a quick demo of how he could access the root of a Cisco router remotely. Like the first runner breaking the four-minute-mile mark, Lynn emboldened other researchers to go out and see for themselves.

<snip>

Article here:

http://reviews.cnet.com/4520-3513_7-6282711-1.html?tag=nl.e497

bemildred, Wed Aug-10-05 01:28 PM
Response to Original message
1. Sounds like Cisco had a good deal of security through obscurity.
Which has now been compromised. I have always considered Cisco a bad solution to the routing problem, but perhaps I don't know all I ought about that. Nevertheless, routing is a fairly simple problem, packets come in and you do one of a small number of things with them, all in the kernel one would hope. There is no need for any open ports at all, and that would be the most secure situation. That being so, any machine with a secure TCP/IP stack configured with no open ports should do the job, as long as you have the performance you need too.
 
Old and In the Way, Wed Aug-10-05 02:07 PM
Response to Reply #1
2. Glad to have informed DUers that can help me understand this stuff.
What I don't know about digital could fill volumes....
 
bemildred, Wed Aug-10-05 05:38 PM
Response to Reply #2
3. It's vastly overrated, I can assure you. But the money was good. nt
 
SKKY, Sat Aug-13-05 12:34 PM
Response to Original message
4. If you could write an exploit, a worm if you will, that could pop...
...the Cisco IOS on the level that has been done in the past with Microsoft IIS, that would be very, very, disrupting. We often talk about the concept "Defense in Depth" in Network Security, what we should be talking about is "Defense in Breadth".