Not just big, but huge.
Good summary of DDoS using IP spoofing, and useful for your incompetent line managers who probably don’t understand (or have time to learn) such things.
Why is IP Spoofing a thing?
The attacks discussed so far rely on IP spoofing. But why is IP spoofing even possible?
It’s a side effect of the design of the internet.
The real cause of large DDoS – IP Spoofing : https://blog.cloudflare.com/the-root-cause-of-large-ddos-ip-spoofing/
Four years to fix security vulnerabilities in NX-OS code is way too long. It’s amazing that customers accept that Cisco will take years to patch bugs in the latest and most actively developed version for data centre switches AFTER public disclosure. Reporting was done via internal channels from a trusted third party and I can’t see any excuses for such a poor security response.
The exploits, which I formally reported to Cisco, were never made public, until over four years later.
It’s clear that Cisco doesn’t care about the security of its products, with regular vulnerabilities across all of its products and then very slow reaction and patching.
Summary of Cisco NX-OS security vulnerabilities I uncovered – Maximum Entropy : http://www.feeny.org/summary-cisco-nx-os-security-vulnerabilities-uncovered/
Nearly as bad as recent Cisco firewalls (and routers), but MikroTik routers are compromised. Are we prepared for our network devices (routers, switches, proxies, firewalls etc.) to be a primary attack vector? I don’t think so.
Kaspersky’s Shulmin and Sergey Yunakovsky, speaking at SAS, said Slingshot stands out for its unusual attack vector – the malicious actors infected victims through compromised MikroTik routers and placed a malicious dynamic link library inside it that acts as a downloader for other malicious components.
Cyber Espionage Campaign ‘Slingshot’ Targets Victims Via Routers | Threatpost | The first stop for security news : https://threatpost.com/cyber-espionage-campaign-slingshot-targets-victims-via-routers/130348/
Security Advisories and Alerts Retrieved 12 Mar, 2018
Cisco scores yet another 10/10 for security vulnerability on firewalls. This includes new and old firewalls. “It now affects 15 products that run ASA software, including a wide range of Firepower Security Appliance versions, ASA 5500-X Series Next-Generation Firewalls and ASA 5500 Series Adaptive Security Appliances.”
It’s like no one actually tests these products and Cisco is waiting for customers to report security vulnerabilities in addition to bugs. Plus Cisco is being criticised for not handling this in a timely manner.
Cisco has come under fire for its handling of the situation. Sysadmin Colin Edwards, who blogs frequently on network and security issues, said far too much time had passed–80 days, by his measure–between when Cisco released its first patches for the vulnerability and when it published the security advisory.
Why bother with IT Security?
Cisco Issues New Patches for Critical Firewall Software Vulnerability | Threatpost | The first stop for security news : https://threatpost.com/cisco-issues-new-patches-for-critical-firewall-software-vulnerability/129793/