Full Disclosure mailing list archives
Re: XKeyscore sees 'nearly EVERYTHING you do
From: Valdis.Kletnieks () vt edu
Date: Sun, 11 Aug 2013 10:00:16 -0400
On Sat, 10 Aug 2013 22:16:15 -0400, Pedro Luis Karrasquillo said:
NSA picks this up remotely via a very secret SNMP command.
So has anybody ever spotted this SNMP command in a tcpdump? Found the code that handles it in net-snmp? Cisco IOS? JunOS? Nobody's ever caught their supervisor CPU get pegged due to SNMP management? Nobody spotted it a few years ago when everybody and their pet llama was fuszzing SNMP implementations? Not one "Hey, that command didn't get rejected, wonder what it does"? If it isn't on a device installed on the local net, how does the SNMP packet get through firewalls and/or airgaps to the management network? And more importantly, how does the return traffic get exfiltrated without being noticed? Occam's Razor suggests it's much more likely to be very similar in form and function to a CALEA box on steroids. Not saying the NSA isn't sucking up data - but I've seen no plausible evidence that it's done via SNMP.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: XKeyscore sees 'nearly EVERYTHING you do Pedro Luis Karrasquillo (Aug 11)
- Re: XKeyscore sees 'nearly EVERYTHING you do Valdis . Kletnieks (Aug 11)
- Re: XKeyscore sees 'nearly EVERYTHING you do Justin Elze (Aug 11)
- Re: XKeyscore sees 'nearly EVERYTHING you do jk3380 (Aug 13)
- Re: XKeyscore sees 'nearly EVERYTHING you do Michal Purzynski (Aug 11)
- Re: XKeyscore sees 'nearly EVERYTHING you do Grandma Eubanks (Aug 11)
- <Possible follow-ups>
- Re: XKeyscore sees 'nearly EVERYTHING you do peter_toyota (Aug 11)
- Re: XKeyscore sees 'nearly EVERYTHING you do Valdis . Kletnieks (Aug 11)