nanog mailing list archives
Re: NSA able to compromise Cisco, Juniper, Huawei switches
From: Ray Soucy <rps () maine edu>
Date: Mon, 30 Dec 2013 12:00:57 -0500
Looking more at the actual leaked information it seems that if the NSA is working with companies, it's not anything the companies are likely aware of.

The common form of infection seems to be through software updates performed by administrators (through the NSA hijacking web traffic). They are implemented as firmware and BIOS infections that modify the OS image and persist through software upgrades to provide a persistent back door (PBD). The documents imply that a significant number of systems deployed are already infected.

So this isn't an issue of the NSA working with Cisco and Juniper to include back doors, it's an issue of the NSA modifying those releases after the fact through BIOS implants. Where exactly the NSA is inserting these we can't be sure. They could be targeted or they could be at the assembly line.

Quick Summary of Leaked Information:

Source: http://www.spiegel.de/international/world/a-941262.html

Firewalls:

(1) Cisco PIX and ASA: Codename "JETPLOW"
(2) Huawei Eudemon: Codename "HALLUXWATER"
(3) Juniper Netscreen and ISG: Codename: "FEEDTROUGH"
(4) Juniper SSG and Netscreen G5, 25, and 50, SSG-series: Codename: "GOURMETTROUGH"
(5) Juniper SSG300 and SSG500: Codename "SOUFFLETROUGH"

Routers:

(1) Huawei Router: Codename "HEADWATER"
(2) Juniper J-Series: Codename "SCHOOLMONTANA"
(3) Juniper M-Series: Codename "SIERRAMONTANA"
(4) Juniper T-Series: Codename "STUCCOMONTANA"

Servers:

(1) HP DL380 G5: Codename "IRONCHEF"
(2) Dell PowerEdge: Codename "DEITYBOUNCE"
(3) Generic PC BIOS: Codename "SWAP", able to compromise Windows, Linux, FreeBSD, or Solaris using FAT32, NTFS, EXT2, EXT3, or UFS filesystems.

USB Cables and VGA Cables:

Codename "COTTONMOUTH", this one is a hardware implant hidden in a USB cable. The diagram shows it's small enough that you would never know it's there.

Codename "RAGEMASTER", VGA cable, mirrors VGA over the air.

Many others.

I'm not sure that the list is comprehensive, so I wouldn't say that since Cisco routers are not mentioned (for example) that they're any more safe than Juniper (which is listed often).

On Mon, Dec 30, 2013 at 11:50 AM, Dobbins, Roland <rdobbins () arbor net> wrote:

> On Dec 30, 2013, at 11:18 PM, Sam Moats <sam () circlenet us> wrote:
>
> > This might be an interesting example of its (mis)use.
> > http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%932005
>
> That's one of the cases I know about; it was utilized via Ericsson gear.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton

--
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net