[AusNOG] bash bug !

Roland Dobbins rdobbins at arbor.net
Mon Sep 29 00:21:36 EST 2014


On Sep 27, 2014, at 9:34 AM, Mark Andrews <marka at isc.org> wrote:

> So you are trusting that all internal machines have not been compromised?

Everyone needs to think about phishing-type delivery of an exploit-scanning package via email, IM, social media, et al., too.

Print servers, WiFi APs, home CPE devices, and so forth may be vulnerable - I know a lot of them run ash, but some don't. 

For devices with Web management pages, forcing all access through authenticated proxies which can scrub requests via regexp, coupled with strict ACLs (which ought to be in place already) would be a good idea.

----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön
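
The request scrubbing suggested in the message above, as an added example that is not part of the original post: a check an authenticated proxy in front of device management pages could run on each request before forwarding it. It assumes the bug under discussion is triggered by environment values that begin with a bash function definition (`() {`); the function name, hostnames and sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: the signature is the bash function-definition prefix "() {",
# matched with optional whitespace so trivial spacing variants are caught.
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")

def scrub_request(request_line, headers):
    """Return (location, value) findings; an empty list means forward it."""
    findings = []
    parts = request_line.split(" ")
    target = parts[1] if len(parts) >= 2 else request_line
    # CGI servers expose the target raw (QUERY_STRING) and decoded (PATH_INFO).
    for form in (target, unquote(target)):
        if FUNC_DEF.search(form):
            findings.append(("request-target", form))
            break
    for name, value in headers:
        # Each header becomes an HTTP_<NAME> environment variable under CGI.
        if FUNC_DEF.search(name) or FUNC_DEF.search(value):
            findings.append(("header:" + name, value))
    return findings

# Constructed sample requests (hostnames and values are made up).
SAMPLES = [
    ("GET /status.cgi HTTP/1.1",
     [("Host", "printer.example"), ("User-Agent", "Mozilla/5.0")]),
    ("GET /status.cgi HTTP/1.1",
     [("Host", "printer.example"),
      ("User-Agent", "() { :; }; echo constructed-sample")]),
    ("GET /cgi-bin/admin?x=%28%29%20%7B%20%3A%3B%20%7D HTTP/1.1",
     [("Host", "ap.example")]),
]

if __name__ == "__main__":
    for line, hdrs in SAMPLES:
        hits = scrub_request(line, hdrs)
        print("BLOCK" if hits else "PASS ", line, hits)
```

The check covers the request target and headers only; request bodies are left alone, since ordinary form or script content can legitimately contain `() {`.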


