All your routers are belong to us

Major Variola (ret) mv at
Wed Jul 27 18:49:47 PDT 2005

Take da subway, its da bomb

LAS VEGAS--Cisco Systems has taken legal action to keep a researcher
from further discussing a hack into its
router software.

The networking giant and Internet Security Systems jointly filed a
request Wednesday for a temporary restraining order
against Michael Lynn and the organizers of the Black Hat security
conference. The motion came after Lynn showed in a
presentation how attackers could take over Cisco routers--a problem that
he said could bring the Internet to its knees.

The filing in U.S. District Court for the Northern District of
California asks the court to prevent Lynn and Black Hat from
"further disclosing proprietary information belonging to Cisco and ISS,"
said John Noh, a Cisco spokesman.

"It is our belief that the information that Lynn presented at Black Hat
this morning is information that was illegally obtained
and violated our intellectual property rights," Noh added.

Lynn decompiled Cisco's software for his research and by doing so
violated the company's rights, Noh said.

The legal moves came Wednesday afternoon, only hours after Lynn gave the
talk at the Black Hat security conference here.
Lynn told the audience that he had quit his job as a researcher at ISS
to deliver the presentation, after ISS had decided to pull
the session. Notes on the vulnerability and the talk, "The Holy Grail:
Cisco IOS Shellcode and Remote Execution," were
removed from the conference proceedings, leaving a gap in the thick

Lynn outlined how to run attack code on Cisco's Internetwork Operating
System by exploiting a known security flaw in IOS.
The software runs on Cisco routers, which make up the infrastructure of
the Internet. A widespread attack could badly hurt
the Internet, he said.

The actual flaw he exploited for his attack was reported to Cisco and
has been fixed in recent releases of IOS, experts
attending Black Hat said.

The ISS research team, including Lynn, on Monday decided to cancel the
presentation, Chris Rouland, chief technology
officer at ISS, said in an interview. "It wasn't ready yet," he said.
Lynn resigned from ISS on Wednesday morning and
delivered the presentation anyway, Rouland added.

Lynn presented ISS research while he was no longer an employee, Rouland

Adding to the controversy, a source close to the Black Hat organization
said that it wasn't ISS and Lynn who wanted to
cancel the presentation, but Cisco. Lynn was asked to give a different
talk, one on Voice over Internet Protocol security, the
source said.

But ISS' Rouland said there "was never a VoIP presentation" and that
Wednesday's session was supposed to be cancelled

"The research is very important, and the underlying work is important,
but we need to work with Cisco to determine the full
impact," Rouland said.

Previous Next

Cisco was involved in pulling the presentation, a source close to the
company said. The networking giant had discussions
with ISS and they mutually agreed that the research was not yet fully
baked, the source said.

The demonstration on Wednesday showed an attack on a directly connected
router, not a remote attack over the Internet.
"You could bring down your own router, but not a remote one," Rouland

One Black Hat attendee said he was impressed with Lynn's presentation.
"He got a shell really easy and showed a basic
outline how to do it. A lot of folks have said this could not be done,
and he sat up there and did it," said Darryl Taylor, a
security researcher. "Shell" is a command prompt that gives control over
the operating system.

Noh said that Lynn's presentation did not disclose information about a
new security vulnerability or new security flaws. "His
research explored possible ways to expand the exploitation of existing
vulnerabilities affecting routers," the Cisco spokesman

Cisco has patched several flaws in IOS over the past year. Last year,
the San Jose, Calif., networking giant said that part of
the IOS source code had been stolen, raising fears of more security bugs
being found.

On Wednesday, Noh reiterated the company's usual advice that customers
upgrade their software to the latest versions to
mitigate vulnerabilities.

Following his presentation, Lynn displayed his resume to the audience
and announced he was looking for a job. Lynn was not
available for comment. Representatives of the Black Hat organization
said the researcher was meeting with lawyers.

More information about the cypherpunks-legacy mailing list