
Re: [Full-disclosure] Cisco IOS Shellcode Presentation

Subject: Re: [Full-disclosure] Cisco IOS Shellcode Presentation
Date: Fri, 29 Jul 2005 15:52:17 -0400
On Fri, 29 Jul 2005 08:29:35 -1000, Jason Coombs said:

> Precisely. And Lynn pointed out that Cisco routers use general purpose
> CPUs -- therefore Cisco's own engineers chose purposefully to build a
> vulnerable device.

All von Neumann architecture processors are equally vulnerable in theory. About
all you can do is fix the boot loader and early kernel code to emulate a
Harvard architecture (basically, 2 separate memory spaces, one for instructions
and one for code, and never the twain shall meet).  At that point, things are a
little better.

However, both von Neumann and Harvard systems are Turing-complete, and therefore
have innate theoretical limits (see the Turing Halting Problem for details), and
Fred Cohen showed over 20 years ago that the detection of malware is a
Turing-equivalent problem.

Your only perfect defense here is implementing all of it in a custom ASIC,
which in itself is insane - if a logic or timing bug is found, you're looking
at having to do a hardware replacement rather than just downloading a new
software load.  You can cut some of the pain with an FPGA, but that's still a
whole different league than a software solution.

You think debugging a BGP wedgie(*) is tough now, remember that even IOS is
able to do a small amount of introspection and tell you what's going on. That's
almost impossible with an ASIC or FPGA based solution...

(*) Yes, it's really called that.  Google for 'BGP Wedgie' if you don't believe 
me. :)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/