[AusNOG] Cisco 7200 a popular "ddos" target?

Dobbins, Roland rdobbins at arbor.net
Wed Sep 29 13:26:16 EST 2010


On Sep 29, 2010, at 9:47 AM, Greg M wrote:

> Question is – is there malware out there that is designed to specifically DDoS the vty interfaces (ssh/telnet) of the 7200? It seems bizarre that this would be the case.

Attackers routinely go after routers and other network infrastructure, as these devices often aren't properly hardened to withstand attack, or, as is the case with software-based routers such as the 7200, simply don't have the pps/bps capacity in hardware to handle even small DDoS attacks.

In particular, if you've exposed your ssh (telnet should be disabled!) and other management-plane interfaces/services/traffic to the Internet, you're asking to get DDoSed and/or hacked (the bad guys will brute-force your routers, just as they do servers, and then use them for DDoS, MITM, spam proxying, et al.).

This is a big no-no, and protecting your management and control planes is a standard industry best current practice (BCP). They *must not be exposed to traffic originating outside your designated management network/hosts*!

See the following preso for information on hardening your infrastructure against attack:

<https://files.me.com/roland.dobbins/prguob>

and this one on the general threat landscape (there's a slide in there on routers and other network infrastructure equipment in particular):

<https://files.me.com/roland.dobbins/y4ykq0>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

Sell your computer and buy a guitar.
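The management-plane exposure described above (vty lines reachable from anywhere, telnet still enabled, a line password instead of local/AAA login) can be checked mechanically before a router is put on the Internet. The script below is an added example and is not part of the original post or the AusNOG thread; the two IOS-style running-config excerpts it audits are constructed samples, and the management subnet, ACL name and finding wording are assumptions for illustration.

```python
import re
from typing import Dict, List

# Constructed sample: vty lines as they often ship, wide open to the Internet.
WEAK_CONFIG = """\
line vty 0 4
 password cisco
 login
 transport input all
line vty 5 15
 login
 transport input telnet ssh
"""

# Constructed sample: the same lines restricted to a management network,
# SSH only, local accounts, and an idle timeout. ACL name and subnet are assumed.
HARDENED_CONFIG = """\
ip access-list standard MGMT-HOSTS
 permit 10.0.100.0 0.0.0.255
 deny   any log
line vty 0 15
 access-class MGMT-HOSTS in
 login local
 transport input ssh
 exec-timeout 5 0
"""


def parse_vty_lines(config: str) -> List[Dict]:
    """Split an IOS-style config into 'line vty A B' blocks with their indented sub-commands."""
    blocks: List[Dict] = []
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):
            # Top-level command: either opens a new vty block or ends the current one.
            m = re.match(r"line vty (\d+) (\d+)$", line)
            current = {"range": (int(m.group(1)), int(m.group(2))), "cmds": []} if m else None
            if current:
                blocks.append(current)
        elif current is not None:
            current["cmds"].append(line.strip())
    return blocks


def audit_vty(config: str) -> List[str]:
    """Return one finding per management-plane weakness found on each vty block."""
    findings: List[str] = []
    for blk in parse_vty_lines(config):
        name = "vty %d-%d" % blk["range"]
        cmds = blk["cmds"]

        # Transport check: only SSH should be accepted; 'all' or 'telnet' is a finding.
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append(f"{name}: no 'transport input' statement (verify platform default)")
        else:
            allowed = set(transports[-1])  # the last statement in a block wins
            if "all" in allowed or "telnet" in allowed:
                findings.append(f"{name}: telnet accepted (transport input {' '.join(sorted(allowed))})")

        # Source restriction: an inbound access-class is what keeps the vty off the Internet.
        if not any(c.startswith("access-class") and c.endswith(" in") for c in cmds):
            findings.append(f"{name}: no inbound access-class; reachable from any source")

        # Authentication: a shared line password is weaker than local accounts or AAA.
        if any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: line password configured; prefer 'login local' or AAA")

        # Idle sessions tie up the (small) vty pool on a software router.
        if not any(c.startswith("exec-timeout") for c in cmds):
            findings.append(f"{name}: no exec-timeout")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for f in audit_vty(cfg) or ["no findings"]:
            print(" ", f)
```

Run against the two samples, the weak config produces findings on both vty ranges (telnet accepted, no access-class, line password, no exec-timeout) and the hardened config produces none. The access-class on the vty lines is the control that matters most here: it is what stops arbitrary Internet hosts from ever reaching the login prompt, which addresses both the brute-forcing and the connection-flooding of a software router's limited vty pool.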