That is a bit paranoid, but it could happen. I have not seen anybody do anything that intelligent in the past couple of years. Not to say that there aren't people out there that couldn't do that, but I think many have thought of using one exploit to expose another; DDoS is the closest I have seen on any of my honeypots. I have learned many things about what most people will try to get into a box from the honeypots, but that is a good point. Filtering or patching should take place on the edge and on the most critical spots on your network.

Good Luck

> I had a passing thought over the weekend regarding Thursday's cisco
> vulnerability and the recent Microsoft holes.
>
> The next worm taking advantage of the latest Windows' vulnerabilities is
> more or less inevitable. Someone somewhere has to be writing it. So why
> not include the cisco exploit in the worm payload?
>
> Based on past history, there will be plenty of vulnerable Windows hosts to
> infect with the worm. I would also guess that there are lots of
> organizations and end-users that have cisco devices that haven't patched
> their IOS. Furthermore, I wonder how many people have applied filtering
> only at their border? But packets from an infected host inside the
> network wouldn't be stopped by filtering applied only to the external
> side.
>
> Basically, if you're filtering access to your interface IP's rather than
> upgrading IOS, remember that the internet isn't the only source of danger
> to your network.
>
> Adam Maloney
> Systems Administrator
> Sihope Communications
