nanog mailing list archives

Re: [NANOG] IOS rootkits


From: Jack Bates <jbates () brightok net>
Date: Mon, 19 May 2008 10:07:48 -0500

Florian Weimer wrote:

| Network administrators are not able to observe Lawful Intercept is
| enabled. No Lawful Intercept program messages or error messages are ever
| displayed on the console.

<http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>

This is a Sony-style rootkit, but it certainly demonstrates that the
concept is feasible (surprise).


Eh, it's a little misleading. Every Net admin knows when Lawful Intercept is 
activated on their router. The processor utilization takes a major spike. What 
it's doing might not be known, though umm, even intercept traffic itself can be 
intercepted or redirected through portions of the network where it can be 
intercepted. ;)

Jack
