Re: [Full-disclosure] Cisco IOS Shellcode Presentation

[Randall Perry <lists@xxxxxxxxxxxxxxxx>]

Quoting Valdis.Kletnieks@xxxxxx:
<snip> 
> Your only perfect defense here is implementing all of it in a custom ASIC,
> which in itself is insane - if a logic or timing bug is found, you're
> looking at having to do a hardware replacement rather than just downloading
> a new software load.  You can cut some of the pain with an FPGA, but that's 
> still a whole different league than a software solution.
System-on-a-chip design can be very cost effective when used on a massive scale.
 (just look at 3M cards from Newcomm used in the [formerly] Hughes satellite
network).

when embedded into a familiar form-factor (like a credit card or smart card),
replacements for updates is easy.  Thousands upon thousands of users performing
user-friendly updates with a simple card swap.

Even for producing less than 500 units there are vendors ready to jump at the
chance to replace FPGA setups (because we are talking about complex 2k+ gate 
count).

Unlike PC's, the design wouldn't have to be retooled with every lunar cycle.
Maybe once every 6 months or a year.  

Just give Oxford Semiconductor or AMI a call.
> You think debugging a BGP wedgie(*) is tough now, remember that even IOS is
> able to do a small amount of introspection and tell you what's going on.
Is that what you call what you do to someone who provides 'fault tolerance'
through round-robin DNS? A bgp wedgie? 

> almost impossible with an ASIC or FPGA based solution...
> 
> (*) Yes, it's really called that.  Google for 'BGP Wedgie' if you don't
> believe me. :)
Ah, flashbacks of highschool. 

-RandallP
                   \|/
    /\            - O -
\  /__\    /\      /|\      /
 \/    \/\/  \_____________/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/