[nsp-sec] Looking glass s/w?

Nick Hilliard nick at inex.ie
Sat Sep 27 07:04:13 EDT 2014 

John,

could you post this somewhere public, e.g. nanog at nanog.org?

Nick

On 27/09/2014 08:12, John Fraizer wrote:
> Sorry (kinda) to revive such an old thread but, I want to get the word out.
> 
> First, Hank, my MRLG will do "show ip bgp community xxxx" as well as "show
> ip bgp regexp xxxx".
> 
> Next, and more specific to this particular email though is the fact that
> there is a new version of MRLG that any users of MRLG should deploy.  
> 
> I was contacted by Luca Bruno a couple of months ago regarding the
> fastping.c utility that has been included with MRLG for the past 14 years. 
> It seems that it is vulnerable to a crafted attack that can cause remote
> memory overwrite/corruption.  I was OCONUS with limited connectivity at the
> time, in addition to being up to my eyeballs dealing with a Southeast Asia
> network redesign.
> 
> The fastping.c utility was only used by MRLG in the outside chance that the
> "router" in question was Zebra/Quagga.  Based on Google results, this was a
> very minuscule minority of installations that utilize MRLG. 
> 
> Last night, I had some downtime and was able to put together a (superior?)
> replacement for fastping.c that utilizes the existing ping utility on the
> MRLG host system while emulating the IOS ping facility.
> 
> I have released MRLG 5.5.0 as of Sat Sep 27 03:16:28 UTC 2014.  It is a
> (nearly) drop-in replacement for all previous versions of MRLG that
> addresses the issue that Luca Bruno and Mariano Graziano brought to light
> in CVE-2014-3931. See: http://www.s3.eurecom.fr/cve/CVE-2014-3931.txt
> 
> The latest MRLG (5.5.0) is available at http://mrlg.op-sec.us/
> 
> I know that the details of this CVE was published at:
> http://mailman.nanog.org/pipermail/nanog/2014-July/068014.html and 
> http://www.s3.eurecom.fr/lg/defcon_looking-glass.pdf
> http://vrt-blog.snort.org/2014/09/looking-glasses-with-bacon.html
> http://tools.cisco.com/security/center/viewAlert.x?alertId=35693
> https://www.defcon.org/images/defcon-22/dc-22-presentations/Bruno-Graziano/DEFCON-22-Luca-Bruno-Mariano-Graziano-looking-glass-Updated.pdf
> https://www.usenix.org/system/files/conference/woot14/woot14-bruno.pdf
> 
> There are likely many other locations at which CVE-2014-3931 is detailed.
> 
> I ask that the NSP-SEC community make it known - via whatever channels -
> that this vulnerability has been addressed and mitigated and point folks to
> http://mrlg.op-sec.us/ for the latest code.
> 
> Many thanks!
> 
> --
> John Fraizer
> ΥΣΜΧ
> 
> 
> 
> On Sun, Feb 10, 2013 at 5:36 PM, Nick Hilliard <nick at inex.ie
> <mailto:nick at inex.ie>> wrote:
> 
>     ----------- nsp-security Confidential --------
> 
>     On 10/02/2013 17:20, Hank Nussbacher wrote:
>     > I am looking for a LG that can do
>     > show ip bgp community xxxx
>     > show ip bgp regexp xxxx
> 
>     http://wiki.version6.net/LG
> 
>     tip: the Net::SSH::Perl module doesn't understand cisco sshv2, so if you're
>     plugging it into a cisco box then you will need to enable sshv1 on the box.
> 
>     It's a cow to install, but when it works it's very nice.
> 
>     Nick
> 


-- 
Network Ability Ltd. | Chief Technical Officer | Tel: +353 1 6169698
52 Lower Sandwith St | INEX - Internet Neutral |
Dublin 2, Ireland    | Exchange Association    | Email: nick at inex.ie

More information about the nsp-security mailing list