Hi, I want to know: if you have a router and some kind of virus in the LAN, is it possible that it may be located in the cache memory of the router? If that is the case, how can I clean the cache memory of my 1600?
There are plenty of login Buffer Overflow viruses. In addition, there are many different intruder viruses that consume memory and processor time.
Link:
Just to clarify, you're referring to a virus that's infected your LAN, and you believe your router is the host machine? I think that the ultimate answer is yes, this is possible but I believe the short answer in your situation is no. A virus from the internet can pass through your router and infect your LAN if you don't filter them out, either @ the router or w/ a separate firewall. Also router specific viruses or bugs can exist on your router, but these are not the type of viruses that typically infect LANs. Now if you were to create a directory, store a virus and write a script that would forward the virus from the router to your LAN, then yes, this is a possibility, but this would be a deliberate action on your part. I've never heard of a router being infected w/ code red or any other malicious virus. I have heard of routers being vulnerable to attack (allowing viruses to pass through) b/c they aren't configured properly.
Like Alain said, why do you think your router is infected?
I've very recently come across a case where a server was infected by the nimda virus, the router (1600) was reporting memory allocation errors and running extremely slowly. Once the server was disconnected the errors disappeared; at first I thought this was due to faulty buffers/memory in the router. Since we've cleared the virus from the LAN, internet connectivity has returned to normal.
CCIEWANNABE,
"..there are plenty of login buffer overflow viruses.."
Ahem, a buffer overflow would be an attack on a deficient
boundary check in the login binaries' code, not a virus per se.
A virus could be written to take advantage of this vector of course, but it would more usefully be a trojan of some
sort.
"..many different intruder viruses that consume memory and
processor time.."
All running binaries use these resources..what's your point? I don't see any reference to a virus that specifically utilizes "..cache memory of the router.."
for this purpose, or even if resident in "cache memory"
one that would have more than local significance.
Is this FUD or are you actually in possession of some
reportable facts?
Benzito,
How is a router, that is running binaries of a totally
different variety than your average winhost, going to
be the contaminated vector for virus propagation?
It is difficult to write multiplatform viruses;
say one that understands ELF and win32 binaries alike.
So:
What makes everyone believe that an IOS specific virus
can do any harm to a windows machine or vice versa, except
indirectly through bandwidth suffocation in the case of a
network aware or scanning worm like nimda, code red?
I never said anything about winhost or even PCs ;-) I DON'T believe that it's possible for an IOS specific virus (bugs) on a Cisco router to affect the LAN.
"Also router specific viruses or bugs can exist on your router, but these are not the type of viruses that typically infect LANs"
I do believe that it's possible to store a malicious file on a router and then forward it to a host on your network.
But like I stated, this would have to be done deliberately...
Many cisco devices run embedded IIS. Any product with IIS is threatened. Anyone with a Web browser can manipulate or destroy files.
My company has been affected many times because so-called network engineers didn't verify IOS image downloads. Very simple mistake. We now use the following guides.
Link:
In fact, my LAN was infected with some kind of nimda worm. Finally I formatted my server and did some patching on the terminals, and the nimda is still in my LAN. Secondly, I did a reset of my 1600, a simple on/off; it was for the last holidays, and on return I believe somebody left the router on and activated the virus on that date. On the date we arrived there were some files infected with dates after April 25; that's why I suppose the router was somehow guilty.
Once again, not a cisco IOS problem, and I still don't see
any of these login buffer overflows against cisco devices not running IIS that were written to introduce virii....
The IIS problem was posted to all the security lists and
every responsible admin on the planet patched, or disabled web service.
But it's obvious that this "many virus" talk was FUD anyway.
Benzito,
Agreed. As far as storing and retrieving files:
If a cracker got far enough to tftp tainted binaries
into my routers I've got more serious things to worry about than what he was going to do next.