Full Disclosure mailing list archives
Re: [NANOG] IOS rootkits
From: Anders B Jansson <hdw () kallisti se>
Date: Wed, 21 May 2008 22:38:39 +0200
n3td3v wrote:
I'm interested in you saying things will be more secure because of the presentation, but how long will it take for things to be more secure and how big an attack window will the bad guys have after the presentation (A day, a week, a month, a year?) for putting rootkits into Cisco routers before the problem gets fixed? I don't want there to be an attack window of any length... even a day is too long, the bad guys could do a lot in a day.
Ok, I'm painfully aware that I'm feeding a pathetic troll, but I can't resist anymore, and I'll try to keep this non-technical since you don't understand that part. A root kit is unusable unless you already have the access to install it. And _if_ you have access to install a root kit you have access to read, manipulate or install anything you want. A published and well known root kit will actually make it easier to detect that it has been installed on your equipment than something that some evil geezer has written for himself. And you are sadly wrong when it comes to what you call "attack window". An "attack window" is between the point in time that a a piece of software with a given weakness has been installed and until it has been patched or removed. It has nothing to do with when a weakness has been released into the public, much less to do when a utility to use such a weakness has been released into the public. A large amount of all the weaknesses published has been known and been exploited for a long time. Scriptkiddies aren't a threat, they're a blessing. They make any known weakness more than obvious, to the point that not the most stubborn corporate manager can ignore the issue. -- // hdw _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [NANOG] IOS rootkits, (continued)
- Re: [NANOG] IOS rootkits n3td3v (May 20)
- Re: [NANOG] IOS rootkits Dr. J Swift (May 20)
- Re: [NANOG] IOS rootkits n3td3v (May 20)
- Re: [NANOG] IOS rootkits Valdis . Kletnieks (May 20)
- Re: [NANOG] IOS rootkits n3td3v (May 20)
- Re: [NANOG] IOS rootkits Dr. J Swift (May 20)
- Re: [NANOG] IOS rootkits n3td3v (May 20)
- Re: [NANOG] IOS rootkits A . L . M . Buxey (May 21)
- Re: [NANOG] IOS rootkits mutiny (May 22)
- Re: [NANOG] IOS rootkits n3td3v (May 21)
- Re: [NANOG] IOS rootkits Anders B Jansson (May 21)
- Re: [NANOG] IOS rootkits mutiny (May 22)
- Re: [NANOG] IOS rootkits Valdis . Kletnieks (May 20)
- Re: [NANOG] IOS rootkits A . L . M . Buxey (May 21)
- Re: [NANOG] IOS rootkits Dr. J Swift (May 20)
- Re: [NANOG] IOS rootkits n3td3v (May 20)