Router Knowledge

By David Morgenstern  |  Posted 2004-05-17 Print this article Print

In most operational situations, Woodcock said, packets would be addressed to the routers CPU via a network management terminal located inside the site. "Ten years ago, every router was directly addressable from the outside. Now, an attacker would need a lot of knowledge about the router, which may not even be addressable from the outside anyway," Woodcock said.
More of a potential concern to network operators was the widely publicized TCP flaw in the Internets Border Gateway Protocol (BGP) in April. In that case, an attacker could stop traffic between two ISPs by way of a peer connection between routers.
Click here to read more about the Internet BGP flaw. On the NANOG list, Russian-based operator Alexei Roudnev said hes less concerned with the security implications than with the business ones for Cisco. "I should not be too aware of the possible usage of this source code for the exploit development; Cisco [routers] have very few points where they parse or process IP packets, and most of such points are filtered out," Roudnev observed. "Much more serious is the trade secrets issue. Of course, no one can take this code and use it on their equipment, or grab a library and reuse it," he wrote. "But, unfortunately, Ciscos codes should have many small tricks, smart design solutions and so on, which make IOS so efficient, and these things can be reused by competitors (unfortunately for Cisco, only a few West countries respect authors rights, and other people are free to purchase this source code from the hacker and use as much as they do want)," Roudnev posted. On the other hand, some router industry professionals said Cisco could benefit from open-sourcing IOS. According to Per Gregers Bilse, routing software engineer at London-based Network Signature, the idea has a "lot going for it." "IOS as such is not a major revenue source, considering equipment prices in general," Bilse observed in a NANOG posting. "Cisco could bundle IOS at no cost merely by cranking up the hardware prices by a small amount, and there are no big secrets in the source. "Arguably, there are things that some people might find interesting to try to dig into, but in terms of making a network box, a lot of the mystery has turned into old hat over the years." For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog. In an interview Monday, Bilse expanded on his thesis: "Conceptually, I would compare IOS to Unix: Unix is a very good general-purpose computer operating system, and IOS is a very good general-purpose network box operating system. And what happened to Unix? "Once the prized jewel of AT&T Labs, real Unix [SysV] is now a piece of questionable intellectual property [with The SCO Group Inc.s legal effort], and free, open-source reimplementations of the basic idea or functionality rule the market," Bilse added, pointing to Linux and BSD implementations. "If AT&T had loosened their grip on the reins earlier on, they would still be in charge." Check out eWEEK.coms Security Center at for the latest security news, reviews and analysis.

Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page

David Morgenstern is Executive Editor/Special Projects of eWEEK. Previously, he served as the news editor of Ziff Davis Internet and editor for Ziff Davis' Storage Supersite.

In 'the days,' he was an award-winning editor with the heralded MacWEEK newsweekly as well as eMediaweekly, a trade publication for managers of professional digital content creation.

David has also worked on the vendor side of the industry, including companies offering professional displays and color-calibration technology, and Internet video.

He can be reached here.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel