Security Basics: RE: FAX a virus

["Craig Wright" <cwright () bdosyd com au>]

No, the attach is not against the fax. It is not via the fax comms. It
is simply an attack against a cisco over IP that you are assuming.

The cisco can not be attacked in the manner you suggest.

Please feel free to prove me wrong.

Craig

-----Original Message-----
From: Nick Duda [mailto:nduda () VistaPrint com]
Sent: Wednesday, 7 March 2007 4:18 AM
To: Craig Wright; anonymous () email com; security-basics () securityfocus com
Subject: RE: FAX a virus

Fax machine + Cisco ATA + IP + CallManager = Fax machine

Fax machine can = software

Fax can be IP/Software based....a possible vector for an attack.

________________________________

From: listbounce () securityfocus com on behalf of Craig Wright
Sent: Fri 3/2/2007 11:51 PM
To: anonymous () email com; security-basics () securityfocus com
Subject: RE: FAX a virus




FAX!
There is NO UDP/IP port. NO TCP/IP port. No IP Address.


FAX is not IP based.


Not theory at all. FUD!


Craig

________________________________

From: listbounce () securityfocus com on behalf of anonymous () email com
Sent: Fri 2/03/2007 6:31 AM
To: security-basics () securityfocus com
Subject: Re: FAX a virus



Perhaps something along these lines:

Dependant on resolving the phone number to an IP address of course, but
once that information is found either through social engineering or voip
probes you could use nmap to find which port is working as the fax
reciever then attempt to determine the type of fax machine and from
there if you knew assembly could *possibly (if the fax machine allowed
remote firmware upgrades) rewrite the firmware of the machine itself but
a more practical method would be to temporarily store information in the
buffer of the fax machine (this would cause garbage to be printed for
one thing which would be a big annoyance).

And from what you have described from your setup the software itself may
be vulnerable to memory bounds checks etc. You would want to research
the software using lists such as this if you are truely afraid of
vulnerabilities in your fax application.

Again this is more theoretical then practical but you get the idea.

------------------------------------------------------------------------
---
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/
ITNext/
------------------------------------------------------------------------
---




Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is
confidential. If you are not the intended recipient, you must not use or
disclose the information. If you have received this email in error,
please inform us promptly by reply email or by telephoning +61 2 9286
5555. Please delete the email and destroy any printed copy.


Any views expressed in this message are those of the individual sender.
You may not rely on this message as advice unless it has been
electronically signed by a Partner of BDO or it is subsequently
confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.



Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.