UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
December
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#38762 - 05/17/04 07:06 PM Cisco investigates source code leak
Phatal Offline
UGN News Staff

Registered: 04/05/04
Posts: 298
Loc: Houston, TX
An unspecified amount of the proprietary source code that drives Cisco Systems' networking hardware has appeared on the Internet, the technology giant acknowledged early Monday.

A representative could not confirm, however, that network intruders made off with 800MB of code, as reported by a Russian security group over the weekend.

"Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," said Jim Brady, a spokesman for the company. "The Cisco information security team is looking into this matter and investigating what happened."

Brady could give no further details on the matter.

This is the second time this year that a major technology company's product source code has been made public without authorization. In February, source code for parts of Microsoft's Windows 2000 and Windows NT were leaked to the Internet. One security researcher claimed that he had discovered a minor Internet Explorer flaw by analyzing that source code.

It's uncertain to what degree the leaked code will affect Cisco security. The security of Microsoft's operating systems has not significantly suffered from the leak of its code. Moreover, attackers tend not to focus on vulnerabilities in networking hardware. A major flaw that Cisco warned customers about in July never materialized as a threat.

News of the latest source code leak appeared on a Russian security site, SecurityLab.ru, on Saturday, two days after its administrators received the leaked source code. The site posted two files of source code written in the C programming language, which apparently enables some next-generation Internet Protocol version 6 functionality. One file was copyrighted in 1996 and the other in 2003.

According to SecurityLab.ru, online vandals had compromised Cisco's corporate network and stolen about 800MB of source code. A person with the alias "Franz" bragged about the intrusion and posted about 2.5MB of code on the Internet relay chat (IRC) system not long after the alleged break-in.

By Sunday evening, however, the code could not be located by CNET News.com, and members of the IRC channel were speculating about the authenticity of the two brief excerpts posted on the Russian site.

One participant suggested that they might be a hoax, because "Cisco" was not capitalized in the source code. Others apparently grew tired of the discussion, changing the channel's title temporarily to "do not keep commercial code on online computers...when are people gonna learn."

The excerpts posted by SecurityLab.ru named Ole Troan and Kirk Lougheed as the authors of the code. Both programmers appear to be Cisco employees.

You can view the original article here...
http://news.com.com/2100-7349_3-5213724.html?tag=nefd.top

Top
Sponsored Links
      
#38763 - 05/17/04 09:15 PM Re: Cisco investigates source code leak
Phatal Offline
UGN News Staff

Registered: 04/05/04
Posts: 298
Loc: Houston, TX
Code:
ipv6_discovery_test.c

/*------------------------------------------------------------------ 
* ipv6_discovery_test.c -- Neighbor Discovery unit tests. 
* 
* August 2003, Ole Troan 
* 
* Copyright (c) 2003-2004 by cisco Systems, Inc. 
* All rights reserved. 
*------------------------------------------------------------------ 
*/ 
#include "interface.h" 
#include "interface_private.h" 
#include "../ipv6.h" 
#include "../ipv6_discovery.h" 
#include "sys_registry.h" 
#include "subsys.h" 
#include COMP_INC(cutest, cu_test.h) 

idbtype lidb; 
hwidbtype hwidb; 
ipv6_idbtype ipv6_sb; 
in6_addr_t target; 

/* 
* setup_subsys_init 
*/ 
extern list_header subsyslist[SUBSYS_CLASS_MAX]; 
static void 
setup_subsys_init (subsys_class category, char *name) 
{ 
list_element *element; 
subsystype *subsys; 

FOR_ALL_DATA_IN_LIST(&subsyslist[category], element, subsys) { 
if (!strcmp(name, subsys->namestring)) { 
if (subsys->entry) { 
(*subsys->entry)(subsys); 
break; 
} 
} 
} 
} 


static void 
setup (void) { 
setup_subsys_init(SUBSYS_CLASS_PROTOCOL, "ipv6_nd"); 
reg_add_printf((long)'P', ipv6_printf, "ipv6_printf"); 

/* 
* Create an IDB and Enable IPv6 on it 
*/ 
lidb.hwptr = &hwidb; 
hwidb.firstsw = &lidb; 
hwidb.status = IDB_ETHER; 
lidb.ipv6_data = &ipv6_sb; 

target.s6_addr32[0] = 0x2001000; 
target.s6_addr32[3] = 0x0000001; 
} 


/* 
* nd_test_create 
*/ 
CU_TEST_START (nd_test_create, tc) 
{ 
ipv6_nd_entry *e; 

printf("\nAdding %P to ND cache", &target); 

e = ipv6_nd_table_create(&target, &lidb); 
cu_ok(tc, (e != NULL), "%s", "create ND entry"); 
cu_ok(tc, (e->idb == &lidb) && 
IN6_ARE_ADDR_EQUAL(&e->address, &target), "%s", 
"verify ND entry"); 
} 
CU_TEST_END 


/* 
* nd_test_lookup 
*/ 
CU_TEST_START (nd_test_lookup, tc) 
{ 
ipv6_nd_entry *e; 

e = ipv6_nd_table_lookup(&target, &lidb); 
cu_ok(tc, (e != NULL), "%s", "ND lookup"); 
} 
CU_TEST_END 


/* 
* nd_test_delete 
*/ 
CU_TEST_START (nd_test_delete, tc) 
{ 
ipv6_nd_entry *e; 

ipv6_nd_table_delete(&target, &lidb); 
e = ipv6_nd_table_lookup(&target, &lidb); 
cu_ok(tc, (e == NULL), "ND delete"); 
} 
CU_TEST_END 


/* 
* nd_test_suite 
*/ 
cu_suite_t * 
nd_test_suite (void) 
{ 
cu_suite_t *s = cu_suite_new(); 

CU_SUITE_ADD_TEST(s, nd_test_create); 
CU_SUITE_ADD_TEST(s, nd_test_lookup); 
CU_SUITE_ADD_TEST(s, nd_test_delete); 

return (s); 
} 


CU_TEST_MAIN() 
{ 
int res; 
cu_suite_t *suite = cu_suite_new(); 

cu_init(); 
cu_suite_add_suite(suite, nd_test_suite()); 
setup(); 
res = cu_suite_run(suite); 
cu_suite_summary(suite); 

CU_TEST_MAIN_RETURN(res); 
}

Top
#38764 - 05/17/04 09:28 PM Re: Cisco investigates source code leak
Phatal Offline
UGN News Staff

Registered: 04/05/04
Posts: 298
Loc: Houston, TX
Code:
/*------------------------------------------------------------------ 
* ipv6_tcp.c -- IP version 6 support functions for TCP 
* 
* June 1996, Kirk Lougheed 
* 
* This should be the only file in the TCP sources that 
* explicitly references an IPv6 header or IPv6 addresses. 
* 
* Copyright (c) 1996-2003 by cisco Systems, Inc. 
* All rights reserved. 
*------------------------------------------------------------------ 
*/ 

#include "master.h" 
#include "address.h" 
#include "packet.h" 
#include "interface_private.h" 
#include "../ipv6/ipv6.h" 
#include "../ipv6/ipv6_private.h" 
#include "../ipv6/ipv6_stats.h" 
#include "../ipv6/ipv6_idb.h" 
#include "icmp6.h" 
#include "ipv6_debug.h" 
#include "../tcp/tcp.h" 
#include "../tcp/tcpinternal.h" 
#include "../tcp/tcp_debug.h" 


/* 
* ipv6_receive_tcp_header 
* 
* Pass a TCP segment to the main TCP layer. 
* We checksum it and set up private pointers. 
*/ 
void 
ipv6_receive_tcp_header (paktype *pak) 
{ 
ip6_hdr_t *ip; 
tcptype *tcp; 
ipv6addr_listtype *ifa; 

/* 
* Checksum the TCP packet. 
* Errors are counted by the IPv4 code. 
*/ 
ip = (ip6_hdr_t *)pak->network_start; 
tcp = (tcptype *)pak->transport_start; 

/* 
* Don't accept TCP connections to multicast or anycast addresses 
*/ 
ifa = ipv6_address_find(pak->if_input, &ip->ip6_dst); 
if ((ifa && (ifa->flags & IPV6_IFF_ANYCAST)) || 

IN6_IS_ADDR_MULTICAST(&ip->ip6_dst)) { 
if (tcp_debug) 

buginf("\nTCP: anycast or multicast address <%P,%d> <%P,%d>", 


&ip->ip6_src, tcp->sourceport, 

&ip->ip6_dst, tcp->destinationport); 

retbuffer(pak); 

return; 
} 

if (ipv6_checksum(ip, tcp, IPPROTO_TCP)) { 
if (tcp_debug) 
buginf("\nTCP: checksum failure <%P,%d> <%P,%d>", 


&ip->ip6_src, tcp->sourceport, 

&ip->ip6_dst, tcp->destinationport); 

tcp_traffic.checksumerr++; 

ipv6_stats_update_idb(IPV6_STATS_TCP_CHECKSUM_ERROR, pak->if_input); 

retbuffer(pak); 

return; 
} 

/* 
* Setup TCP's private pointers 
* pak->length is total length less IP header bytes (including extensions) 
*/ 
pak->dataptr = (uchar *)tcp; 
pak->length = ip->ip6_plen + IPV6_HEADERBYTES - ((int)tcp - (int)ip); 

/* 
* Hand TCP segment off to TCP 
*/ 
ipv6_stats_update_idb(IPV6_STATS_TCP_INPUT, pak->if_input); 

if (gettcpack(tcp)) { 
ipv6_reachable(&ip->ip6_src); 
} 
tcp_inputsegment(pak); 
} 


/* 
* ipv6_tcp_write 
* Write a TCP datagram to network using IPv6 network layer. 
* 
* Warning: the code that sends a RST about connectionless packets 
* calls us with a NULL tcb pointer. 
*/ 
void 
ipv6_tcp_write (tcbtype * tcb, paktype *pak, 


addrtype *destination, addrtype *source) 
{ 
ip6_hdr_t *ip; 
tcptype *tcp; 
int bytes; 

/* 
* Put on standard IPV6 header. 
* Figure out extension headers some other time. 
*/ 
ip = (ip6_hdr_t *)pak->network_start; 
ipv6_init_header(ip, IPV6_PRIORITY_INTERACTIVE, IPV6_DEFAULT_FLOW, 


pak->length - IPV6_HEADERBYTES, IPPROTO_TCP, 


ipv6_hop_limit, 

(in6_addr_t *)&source->ipv6_addr, 


(in6_addr_t *)&destination->ipv6_addr); 

/* 
* Compute TCP header checksum 
*/ 
tcp = (tcptype *)pak->transport_start; 
tcp->checksum = 0; 
tcp->checksum = ipv6_checksum(ip, tcp, IPPROTO_TCP); 

/* 
* Do connection based accounting and fiddling. 
*/ 
if (tcb) { 
/* 

* Do some bean counting 
*/ 

if (pak->us_retransno != 0) { 
tcp_traffic.retrans++; 

tcb->pakoutretrans++; 
ipv6_stats_update_idb(IPV6_STATS_TCP_RETRANSMITTED, 




pak->if_output); 
if (tcppkt_debug) 


tcp_print(tcb, pak, tcp, 'R'); 
} else { 
bytes = pak->length - tcp_ipbytes(tcb) + (tcp->dataoffset << 2); 
if (bytes > 0) { 

tcb->bytesoutcount += bytes; 

tcb->pakoutdata++; 

} 
tcb->pakoutcount++; 

if (tcppkt_debug) 

tcp_print(tcb, pak, tcp, 'O'); 

} 

/* 

* We're sending an ACK, so stop the ACK timer 

*/ 
tcp_stoptimer(tcb, ACKTIMEOUT); 
} 

/* 
* Write datagram to network. 
* Routing is done by IPv6. 
*/ 
pak->if_output = NULL; 
ipv6_write(pak, IPV6_STATS_TCP_OUTPUT); 
} 


/* 
* ipv6_tcp_icmp_received 
* 
* We received an ICMP error message about some datagram. 
* Check if it is for a TCP packet of ours belonging to an 
* active socket. Return TRUE if we absorbed it. 
*/ 
boolean 
ipv6_tcp_icmp_received (paktype *pak, ip6_hdr_t *ip, icmp6_hdr_t *icmp) 
{ 
tcptype *tcp; 
tcbtype *tcb; 
addrtype address; 

/* 
* We are looking for a returned TCP packet inside this ICMP message. 
*/ 
tcp = ipv6_icmp_find_ulp(pak, NULL, IPPROTO_TCP); 
if (!tcp) { 
return (FALSE); 
} 

/* 
* Check that enough of the originating packet was returned 
* that we can correctly examine the tcp sport and dport. 
* We need everything up to (but not including) the "window" field. 
*/ 
if (ip->ip6_plen + IPV6_HEADERBYTES - 

((char *)tcp - (char *)pak->network_start) 

< FIELDOFFSET(tcptype, window)) { 

ICMPV6_DEBUG("Not enough data returned - dropping packet"); 
return (FALSE); 
} 

/* 
* Find a matching TCB. 
*/ 
ipv6_addrtype_create(&ip->ip6_src, &address); 
tcb = find_tcb(GETSHORT(&tcp->destinationport), GETSHORT(&tcp->sourceport), 


&address, NULL, FALSE, FALSE, 0); 
if (tcb) { 
if (icmp->icmp6_type == ICMP6_PACKET_TOO_BIG) { 
tcp_pmtu_response(tcb, icmp->icmp6_mtu); 

} else if (tcb->state != ESTAB && tcb->state != CLOSEWAIT) { 
/* 
* Throw away TCBs that applications either don't know 
* about or don't care anymore. 
*/ 
if ((tcb->flags & TCB_GENTCBS && tcb->state == SYNRCVD) &#0124;&#0124; 
tcb->flags & TCB_APP_CLOSED) { 
tcp_async_cleanup(tcb, UNREACHABLE); 
} else { 
/* 
* Application is expected to close the connection 
* upon notification of the state change. 
*/ 
tcp_deallocatetcb(tcb, UNREACHABLE); 
} 
} 
} 
retbuffer(pak); 
return (TRUE); 
}

Top

Featured Member
Registered: 10/28/14
Posts: 1
Forum Stats
2152 Members
46 Forums
36214 Topics
71384 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 29375
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
cdefgh368568, HushHush, golqm, Tim050, Gecko666
2151 Registered Users
Who's Online
0 registered (), 364 Guests and 340 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!