TCP/IP ISN Vulnerabilities

Started by deanwebb, February 10, 2021, 07:47:59 AM

Previous topic - Next topic

deanwebb

https://www.zdnet.com/article/this-old-security-vulnerability-left-millions-of-internet-of-things-devices-vulnerable-to-attacks/

TCP/IP stacks found to contain the vulnerabilities include several open-source stacks analysed in Forescout's previous study, including uIP, FNET, picoTCP, Nut/Net, cycloneTCP and uC/TCP-IP. Vulnerabilities have also been discovered in Siemens' Nucleus NET, Texas Instruments' NDKTCPIP and Microchip's MPLAB Net.

tl;dr: you'll get some patches in the next few days and weeks. APPLY THEM! :smug:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

Typical IoT Security. Randomizing ISNs has been a known requirement for years. Anyone check if they are also vulnerable to ping of death? I don't really expect many patches. The open source guys will patch the code, but none of the vendors that use it in their device is going to patch unless it is by accident.

-Otanx

deanwebb

I know Siemens is working on some stuff. But, yes, there's older stuff still on a prod line that needs to be firewalled off ASAP.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.