Full Disclosure mailing list archives

Re: [NANOG] IOS rootkits


From: Anders B Jansson <hdw () kallisti se>
Date: Wed, 21 May 2008 22:38:39 +0200

n3td3v wrote:

> I'm interested in you saying things will be more secure because of the
> presentation, but how long will it
> take for things to be more secure and how big an attack window will
> the bad guys have after the presentation (A day, a week, a month, a
> year?) for putting rootkits into Cisco routers before the problem gets
> fixed? I don't want there to be an attack window of any length... even
> a day is too long, the bad guys could do a lot in a day.

Ok, I'm painfully aware that I'm feeding a pathetic troll, but I can't 
resist anymore, and I'll try to keep this non-technical since you don't
understand that part.

A root kit is unusable unless you already have the access to install it.

And _if_ you have access to install a root kit you have access to read, 
manipulate or install anything you want.

A published and well known root kit will actually make it easier to
detect that it has been installed on your equipment than something that
some evil geezer has written for himself.

And you are sadly wrong when it comes to what you call "attack window".

An "attack window" is between the point in time that a piece of
software with a given weakness has been installed and until it has been
patched or removed.

It has nothing to do with when a weakness has been released into the
public, much less to do when a utility to use such a weakness has been
released into the public.

A large number of the weaknesses published have been known and exploited
for a long time.

Scriptkiddies aren't a threat, they're a blessing.

They make any known weakness more than obvious, to the point that not even the
most stubborn corporate manager can ignore the issue.
-- 
// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
