3/1/2023

Reddit packetstream safe

These applications pose significant privacy and operational risks to organizations, as they may allow nefarious or abusive network traffic to appear as if it originates from their corporate networks, resulting in reputational damage that may also lead to service disruption.

Adversaries are finding new ways to monetize their attacks by abusing internet-sharing, or "proxyware," platforms like Honeygain, Nanowire, and others.

Trojanized installers are some of the most common threats taking advantage of public interest in proxyware to infect victims.

In many cases, these applications are featured in multi-stage, multi-payload malware attacks that provide adversaries with multiple monetization methods.

Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious cryptocurrency mining attempts to monetize the CPU cycles of infected systems.

As proxyware has grown in popularity, attackers have taken notice and are now attempting to exploit this interest to monetize their malware campaigns.

With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as a go-between.
Some of the routing and networking equipment currently identified as vulnerable include:

- Cisco Mobility Services Engine
- Cisco Wireless LAN Controller
- Cisco Aironet 3800 Series Access Points
- Cisco Aironet 2800 Series Access Points
- Cisco Aironet 1815 Series Access Points
- Cisco Aironet 1560 Series Access Points
- Cisco Application Policy Infrastructure Controller (APIC)
- Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode
- Cisco Nexus 9000 Series Fabric Switches - ACI mode
- Cisco MDS 9000 Series Multilayer Switches
- Cisco ACI Virtual Edge

For a full list of the products known to be affected by FragmentSmack, you can check the advisory.

As soon as the packet stream stops, the operating system returns to its normal functioning state. Systems under a DoS attack with FragmentSmack are inoperable for the duration of the assault. Patches are currently available for both Linux and Windows.

This is possible because of the inefficient algorithms available in the IP stack the Linux kernel uses for the reassembly of IPv4 or IPv6 packets.

Although the bug was first discovered on Linux, along with its sibling SegmentSmack, which relies on crafted TCP packets to trigger a DoS condition, FragmentSmack affects Windows operating systems, too.

Identified as CVE-2018-5391, FragmentSmack allows an unauthenticated attacker to increase CPU usage to maximum on an affected machine, rendering it unresponsive.

In an advisory on Monday, Cisco reminds customers that off-device mitigations could also be a valid solution for controlling the flow of IP fragments. Until a patch becomes available, Cisco recommends customers check the product-specific documentation for possible workarounds.

Administrators may be able to use rate limiting measures, like access control lists (ACL), to control the stream of fragmented packets reaching an interface.
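To make the idea of rate limiting fragmented packets concrete, here is an added example (not code from Cisco or from the original page) that recognizes IPv4 fragments from the header and applies a token bucket to them only. The names `FragmentLimiter`, `make_header` and `demo`, the rate and burst values, and the sample traffic are all assumptions constructed for illustration; IPv6 fragment headers are not handled.

```python
import struct

def is_ipv4_fragment(header: bytes) -> bool:
    """True if the IPv4 header belongs to a fragment (MF set or offset > 0)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return False
    flags_frag = struct.unpack("!H", header[6:8])[0]
    more_fragments = bool(flags_frag & 0x2000)   # MF bit
    offset = flags_frag & 0x1FFF                 # 13-bit fragment offset
    return more_fragments or offset > 0

class FragmentLimiter:
    """Token bucket applied only to fragments; whole datagrams always pass."""
    def __init__(self, rate_per_s: float, burst: int):
        self.rate, self.burst = rate_per_s, burst
        self.tokens, self.last = float(burst), None
        self.dropped = 0

    def allow(self, ts: float, header: bytes) -> bool:
        if not is_ipv4_fragment(header):
            return True
        if self.last is not None:
            # Refill in proportion to elapsed time, capped at the burst size.
            self.tokens = min(self.burst, self.tokens + (ts - self.last) * self.rate)
        self.last = ts
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        self.dropped += 1
        return False

def make_header(frag_field: int) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag_field, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def demo():
    limiter = FragmentLimiter(rate_per_s=10, burst=5)
    # Constructed traffic: 100 fragments in 0.1 s, then one whole datagram.
    passed = sum(limiter.allow(i * 0.001, make_header(0x2000 | i)) for i in range(100))
    whole_ok = limiter.allow(0.2, make_header(0x4000))  # DF set, not a fragment
    return passed, limiter.dropped, whole_ok

if __name__ == "__main__":
    print(demo())
```

Only the initial burst of fragments gets through during the flood, while unfragmented traffic is unaffected, which is the trade-off to weigh against any legitimate fragmented traffic on the interface.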
More specifically, the company is looking at the Application Policy Infrastructure Controller Enterprise Module (APIC-EM).

APIC-EM delivers software-defined networking and allows automation of policy-based application profiles for quick deployment of devices across the network or for adapting to new challenges.

The products currently under investigation are from the routing and switching category, designed for enterprises and service providers. Many of them expect a fix by February 2019.

The networking hardware manufacturer has already assembled a list of more than 80 products that are affected by the vulnerability.

Cisco is currently looking into its product line to determine which products and services use Linux kernel 3.9 or above, which is vulnerable to the FragmentSmack denial-of-service (DoS) bug.