Archive for January, 2007

Dark Sun Rising for BrightStor Clients

January 31, 2007 by Jose Nazario

In the past few months, the folks at LSsecurity have found and disclosed several buffer overflows in the CA BrightStor product lines. These are all remotely exploitable vulnerabilities, and exploit code has been released for several of these issues, including CVE-2006-5143 describing issues in msgeng.exe on TCP port 6503, and CVE-2006-6076 for issues in the [...]

The ‘Attack’ IP Option Against Core Infrastructure (Cisco’s Triple Vuln Play)

January 26, 2007 by Jose Nazario

A couple of days ago a series of three vulnerabilities in Cisco IOS and IOS XR were disclosed. The most severe of these may allow for remote code execution on the affected device, a possibility made less theoretical after Blackhat 2005. The three issues are:

Cisco Security Advisory: Crafted IP Option Vulnerability, the most serious of [...]

On DDoS Attack Activity

January 26, 2007 by Danny McPherson

We’ve been doing analysis on the DDoS attack and network traffic distribution data some of our Peakflow SP customers are providing and I figured I’d share a bit of a teaser. The data is shared with Arbor via an optional module within Peakflow SP, so if you’re wondering how it’s gathered have a look [...]

EXE Storm Of the Year

January 25, 2007 by Jose Nazario

Last week I got a weird piece of malware, one that didn’t quite look familiar. A quick round of dynamic and static analysis showed that it was indeed new, and it turns out it was the malware known as the Storm Worm. AV detection, late Thursday night last week, was pretty weak, and I went [...]

ISP Security BOF @NANOG 39

January 13, 2007 by Danny McPherson

NANOG 39 is February 4-7, 2007 in Toronto, looking forward to seeing many of you folks there. I’ll again be moderating the ISP Security BOF (a loosely managed gathering of mostly network security operations folk).
We’ve got a couple of discussion topics on the agenda at the moment:
The root of a log: Extracting Intelligence from [...]
