« Linux: the future for Solaris shops? | Main | Be Unreasonable »

July 24, 2003

How to 0wn the Internet in 1.3 seconds

Last year, after the Code Red worm, a paper was written on how Code Red could have run more efficiently, and started a lot of conversation about "How to 0wn the Internet in 15 Minutes".

Big woop. That's so last year.

Here's how to 0wn the Internet in 1.3 seconds.

  • Find around 100,000 Cisco IOS-powered routers. Traceroute or hping are both good router-locators. Maybe 300,000 is better, because some routers won't be vulnerable.
  • Educate yourself on the recent IOS vulnerability. Write up an exploit, or just download it from any local miscreant mailing list or Web site.
  • Send exactly 74 malformed packets to each router, which will wedge in the input interface. Be careful to not hit the same router more than once, or you'll set off alarms when routers wedge.
  • Here's where you start the timer (the rest was "preparation" and doesn't count towards the clock): when you decide to make things interesting, get on a machine on at least a 100Mb/s connection. Send out one malformed packet to each router, preferrably starting from the edge and backwards so as to not disconnect yourself from working routers. 100,000 packets at 100Mb/s = 1.3 seconds. This completely wedges the router interface, and it stops processing traffic--mission accomplished. Adjust appropriately for higher numbers of routers or lower connection speeds.

    And there you have it. The recipe for taking down big chunks of the network, maybe the whole thing, in ~ 1.3 seconds.

    Of course, presumably most Cisco routers have been upgraded already or will be upgraded soon. So by the time you get around to trying this, it won't work. And most competent network operators have permanent blocks against this vulnerability.

    Posted by pete at July 24, 2003 12:51 AM

    Trackback Pings

    TrackBack URL for this entry:

    Comments

    Post a comment




    Remember Me?