From fernando en gont.com.ar Tue Jan 6 00:19:29 2009
From: fernando en gont.com.ar (Fernando Gont)
Date: Mon, 05 Jan 2009 23:19:29 -0300
Subject: [LACNIC/Seguridad] Fwd: "Security Assessment of the Internet Protocol" & the IETF
Message-ID: <200901060228.n062SX50023934@venus.xmundo.net>

Dear all,

The IETF OPSEC WG is currently deciding whether or not to accept the
Internet-Draft "Security Assessment of the Internet Protocol" that I
published a few months ago.

It would be good if those who are interested took an active part in this
decision.

Below you will find a post I have just made on the subject to bugtraq &
full-disclosure, in which I elaborate further on this matter. (Participation
in the IETF has to be in English, and the Internet-Draft itself is in
English... hence I did not translate the post in question.)

Kind regards, and many thanks!

Fernando Gont

>Date: Mon, 05 Jan 2009 22:43:03 -0300
>To: full-disclosure en lists.grok.org.uk, bugtraq en securityfocus.com
>From: Fernando Gont
>Subject: "Security Assessment of the Internet Protocol" & the IETF
>
>Folks,
>
>In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
>National Infrastructure) published the document "Security Assessment of the
>Internet Protocol". The motivation of the aforementioned document is
>explained in the Preface of the document itself. (The paper is available
>at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )
>
>Once the paper was published by CPNI, I produced an IETF Internet-Draft
>version of the same paper, with the intent of having the IETF publish
>recommendations and/or update the specifications where necessary. This IETF
>Internet-Draft is available at:
>http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's
>also available at the IETF I-D repository).
>
>The Internet-Draft I published was aimed at the OPSEC WG. And the Working
>Group is right now deciding whether to accept this document as a WG item.
>This is certainly a critical step. Having the OPSEC WG accept this document
>as a WG item would guarantee to some extent that the IETF will do something
>about all this, and would also somehow set a precedent in updating the
>specifications of core protocols and/or providing advice on security
>aspects of them.
>
>The call for consensus is available at:
>http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
>voice your opinion on the relevant mailing-list sending an e-mail to
>opsec en ietf.org . You don't need to subscribe to the mailing list to post a
>message (although your message will be held for moderator approval before
>it is distributed to the list members).
>
>The deadline for posting your opinion is January 9th (next Friday).
>
>Thanks so much!
>
>Kind regards,
>Fernando Gont
>
>--
>Fernando Gont
>e-mail: fernando en gont.com.ar || fgont en acm.org
>PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

--
Fernando Gont
e-mail: fernando en gont.com.ar || fgont en acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From roque en lacnic.net Wed Jan 7 10:06:02 2009
From: roque en lacnic.net (Roque Gagliano)
Date: Wed, 7 Jan 2009 10:06:02 -0200
Subject: [LACNIC/Seguridad] generic attack on Cisco routers
References: <20090105205452.21170083@cs.columbia.edu>
Message-ID:

Interesting... another reason to keep IOS up to date. What it does is run
known vulnerabilities in old IOS code that the user was not previously
vulnerable to.

> http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/

r.

From carlos.martinez en csirt-antel.com.uy Thu Jan 8 14:18:14 2009
From: carlos.martinez en csirt-antel.com.uy (Carlos M. Martinez)
Date: Thu, 08 Jan 2009 14:18:14 -0200
Subject: [LACNIC/Seguridad] Rogue CA's with MD5
Message-ID: <49662746.6080305@csirt-antel.com.uy>

As already mentioned on LACNOG, researchers have created a "rogue CA"
using weaknesses in MD5.

http://www.phreedom.org/research/rogue-ca/

Regards,

Carlos

From fernando en gont.com.ar Sat Jan 10 17:04:31 2009
From: fernando en gont.com.ar (Fernando Gont)
Date: Sat, 10 Jan 2009 16:04:31 -0300
Subject: [LACNIC/Seguridad] Fwd: Re: generic attack on Cisco routers
Message-ID: <200901101913.n0AJDGGF012872@venus.xmundo.net>

Dear all,

For those interested, a video of the corresponding presentation has just
been posted.

Regards,
Fernando

>To: "NANOG list"
>Subject: Re: generic attack on Cisco routers
>From: Jens Link
>Date: Sat, 10 Jan 2009 19:37:02 +0100
>User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)
>
>"Steven M. Bellovin" writes:
>
> > http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/
>
>There's also a video of the talk at 25c3:
>
>
>
>cheers,
>
>Jens
>--
>-------------------------------------------------------------------------
>| Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 |
>| http://www.quux.de | http://blog.quux.de | jabber: jenslink en guug.de |
>-------------------------------------------------------------------------

--
Fernando Gont
e-mail: fernando en gont.com.ar || fgont en acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From carlos.martinez en csirt-antel.com.uy Fri Jan 16 11:40:05 2009
From: carlos.martinez en csirt-antel.com.uy (Carlos M. Martinez)
Date: Fri, 16 Jan 2009 11:40:05 -0200
Subject: [LACNIC/Seguridad] A worm like we haven't seen in a long time
Message-ID: <49708E35.7050807@csirt-antel.com.uy>

Hello everyone,

Hispasec has a very interesting review of the Conficker worm, the first in
quite a few years to reach significant infection levels (although nothing
compared to what, e.g., Blaster was).

One point that makes it more interesting: the propagation mechanisms it
uses, a return to the early 90s, with the Pong virus and the Michelangelo
virus: propagation via storage devices (USB in this case) + autorun.

http://www.hispasec.com/unaaldia/3733

Regards,

Carlos