nanog mailing list archives
Re: [NANOG] IOS rootkits
From: "Tony Varriale" <tvarriale () comcast net>
Date: Fri, 16 May 2008 22:57:34 -0500
IIRC, the toolkit(s) can only be installed once having priv 15 on the device. If this is the case, the practicality of this is...well...not that significant. I do think the significance is that we are getting closer and closer to treating infrastructure devices as end stations with respect to susceptibility. Looking forward to seeing all the details. Gadi, have fun :) tv ----- Original Message ----- From: "Gadi Evron" <ge () linuxbox org> To: <nanog () merit edu> Sent: Friday, May 16, 2008 8:06 PM Subject: [NANOG] IOS rootkits
At the upcoming EusecWest Sebastian Muniz will apparently unveil an IOS rootkit. skip below for the news item itself. We've had discussions on this before, here and elsewhere. I've been heavily attacked on the subject of considering router security as an issue when compared to routing security. I have a lot to say about this, looking into this threat for a few years now and having engaged different organizations within Cisco on the subject in the past. Due to what I refer to as an "NDA of honour" I will just relay the following until it is "officially" public, then consider what should be made public, including: 1. Current defense startegies possible with Cisco gear 2. Third party defense strategies (yes, they now exist) 2. Cisco response (no names or exact quotes will likely be given) 3. A bet on when such a rootkit would be public, and who won it (participants are.. "relevant people"). From: http://www.networkworld.com/news/2008/051408-hacker-writes-rootkit-for-ciscos.html "A security researcher has developed malicious rootkit software for Cisco's routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic. Sebastian Muniz, a researcher with Core Security Technologies, developed the software, which he will unveil on May 22 at the EuSecWest conference in London. " Gadi Evron. _______________________________________________ NANOG mailing list NANOG () nanog org http://mailman.nanog.org/mailman/listinfo/nanog
_______________________________________________ NANOG mailing list NANOG () nanog org http://mailman.nanog.org/mailman/listinfo/nanog
Current thread:
- [NANOG] IOS rootkits Gadi Evron (May 16)
- Re: [NANOG] IOS rootkits Paul Wall (May 16)
- Re: [NANOG] IOS rootkits Gadi Evron (May 16)
- Re: [NANOG] IOS rootkits Dragos Ruiu (May 16)
- Re: [NANOG] IOS rootkits Deepak Jain (May 19)
- Re: [NANOG] IOS rootkits Buhrmaster, Gary (May 19)
- Re: [NANOG] IOS rootkits Deepak Jain (May 19)
- Re: [NANOG] IOS rootkits Gadi Evron (May 20)
- Re: [NANOG] IOS rootkits Deepak Jain (May 19)
- Re: [NANOG] IOS rootkits Paul Wall (May 16)
- Re: [NANOG] IOS rootkits Tony Varriale (May 16)
- <Possible follow-ups>
- Re: [NANOG] IOS rootkits Paul Ferguson (May 16)
- Re: [NANOG] IOS rootkits Paul Wall (May 16)
- Re: [NANOG] IOS rootkits Matthew Moyle-Croft (May 17)
- Re: [NANOG] IOS rootkits Simon Lockhart (May 17)
- Re: [NANOG] IOS rootkits Matthew Moyle-Croft (May 17)
- Re: [NANOG] IOS rootkits Gadi Evron (May 17)
- Re: [NANOG] IOS rootkits Matthew Moyle-Croft (May 17)
- Re: [NANOG] IOS rootkits Gadi Evron (May 17)
- Re: [NANOG] IOS rootkits Mark Smith (May 17)
- Re: [NANOG] IOS rootkits Matthew Moyle-Croft (May 17)
- Re: [NANOG] IOS rootkits Paul Wall (May 16)