“By and large the whole thing is software, it’s just a computer,” he said of his demo Cisco router. “They do have a memory architecture that is kinda weird, but it’s not alien. They have buffers, if you copy more to that buffer than you should, it will overflow.”
Lynn gave much kudos to IOS’s programmers, saying it was “not easy” to hack around its countermeasures. The software almost never uses the “stack” part of memory that is the target of many overflow attacks against other products.
Instead, he said, attacks against IOS will almost always target the “heap” part of memory. But this requires the attacker to forcibly terminate an IOS routine he called “check heap”, which he said is designed to prevent such attacks.
Lynn apparently did this by convincing “check heap” that it was already crashing and getting it into an infinite loop that caused other parts of the software to close it down, giving a window of a few minutes for the real attack to be executed.
“People weren’t doing this [kind of research], it wasn’t supposed to be possible, so there are still a lot of bugs in there to find,” he said. “That digital Pearl Harbor that politicians [are] talking about, I don’t know if it will happen but I know what it will look like if we don’t change the way we look at IOS.”