O'Reilly logo

The Shellcoder's Handbook: Discovering and Exploiting Security Holes, Second Edition by Gerardo Richarte, Felix FX Lindner, John Heasman, Chris Anley

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 13. Cisco IOS Exploitation

Cisco Systems is the primary provider of routing and switching equipment for the Internet and many, if not most, corporate networks. As the routing and switching gear develops and becomes increasingly complex, it provides a plethora of additional services besides simple packet forwarding. Additional functionality, however, requires additional code—code that breaks and might be exploited.

In the past, only a few security researchers have publicly worked on attacks against this widely used platform. Part of the reason for this is the general unavailability of the expensive Cisco equipment to a broader audience. Another factor might be that common operating system platforms are much easier to work with and require less intimate knowledge to achieve the same results.

However, with the advent of advanced protection mechanisms in both the Windows and the Linux world, more researchers might turn to the comparatively weakly protected platforms on which the Internet runs.

An Overview of Cisco IOS

Cisco Systems sells a plethora of different products. In the earlier days of the company, most these products ran the Cisco Internetworking Operating System, or IOS. In the current product line of Cisco Systems, only the routing and switching gear still run IOS. Despite this development, attacking systems running IOS is still very interesting due to the extremely large installation base and the fact that routers and switches are almost never updated to newer versions ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required