[cisco-voip] cisco licensing changes...
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sun Mar 7 13:56:07 EST 2010
Hi,
> wonder how easy it would be to slip an IP address disguised as a single decimal number in some code or even as some sort of list of escape sequences so no one would catch on.
there are always intresting ways to try to subvert the process...depends on
also, how well the developer is trusted and their access to the code..if
THEIR boxes got done-in, could they be used by the perp to then inject code
with no sign-off?
however, your question then raises the issue of 'so what would tha achieve'?
- as an example to this, I would say 'why would you allow your box to just talk to
some random other box?' - a system behind a FW or in some DMZ might have code
to 'phone-home' - but that might never be acheivable...and when it does, the IPS/IDS
rings bells because the system is trying to do something its not meant to do...eg
open an outbound SSH session etc.
so, its not just the checks and balances on the code...but also the checks and
balances on the deployment of the server/service and the environment its going
into.
alan
More information about the cisco-voip
mailing list