nanog mailing list archives
Re: NSA able to compromise Cisco, Juniper, Huawei switches
From: Leo Bicknell <bicknell () ufp org>
Date: Tue, 31 Dec 2013 09:03:15 -0600
On Dec 31, 2013, at 8:32 AM, Saku Ytti <saku () ytti fi> wrote:
I'm going to wait calmly for some of the examples being recovered from the field, documented and analysed.
If I were Cisco/Juniper/et al. I would have a team working on this right now. It should be trivial for them to insert code into the routers that, say, hashes all sorts of things (code image, BIOS, any PROMs and EEPROMs and such on the linecards) and submits all of those signatures back. Any APT that has been snuck into those things should be able to be detected. For most of them the signatures should be known, as the code shipped from the factory and was never intended to be modified (e.g. BIOS).

A transparent public report about how many devices are running signatures they do not know would be very interesting. Plus, it's an opportunity to sell new equipment to those people, so they can rid themselves of the infection.

I also wonder how this will change engineering going forward. Maybe the BIOS should be a ROM chip, not an EEPROM again. Maybe the write line needs to be run through a physical jumper on the motherboard that is normally not present. Why do we accept that our devices, be it a PC or a router, can be "persistently" infected? The hardware industry needs to do better.

--
Leo Bicknell - bicknell () ufp org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
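The scheme Leo sketches above (hash every persistent region, send the digests home, compare against the set of digests the factory ever shipped, and publish how many boxes hash to something unknown) is straightforward to express. The following is an added example, not code from the original post or from any vendor: the platform name "rtr-x1", the component names, the factory byte strings and the three-device fleet are all constructed stand-ins so it runs offline. It classifies each reported region as known-good, unknown, unlisted, or not-reported, and rolls the result up into the per-status counts a public report would contain.

```python
import hashlib
from collections import Counter


def sha256_hex(blob: bytes) -> str:
    """Digest one dumped region. SHA-256 here plays the role of the 'signature' in the post."""
    return hashlib.sha256(blob).hexdigest()


# Constructed factory images for a hypothetical platform "rtr-x1". A real manifest would hold
# the vendor's digests of every BIOS/ROMMON/FPGA/OS build ever shipped for the platform; these
# short byte strings stand in for multi-megabyte blobs so the example runs offline.
FACTORY_IMAGES = {
    "rtr-x1": {
        "bios":          [b"BIOS v1.0 factory", b"BIOS v1.1 factory"],
        "bootrom":       [b"ROMMON 2.3 factory"],
        "linecard-fpga": [b"LC FPGA bitstream r7"],
        "os-image":      [b"os-image 12.2 signed", b"os-image 12.4 signed"],
    }
}


def build_manifest(factory_images):
    """(platform, component) -> set of acceptable SHA-256 digests."""
    manifest = {}
    for platform, components in factory_images.items():
        for comp, blobs in components.items():
            manifest[(platform, comp)] = {sha256_hex(b) for b in blobs}
    return manifest


MANIFEST = build_manifest(FACTORY_IMAGES)


def measure(dumps):
    """What the on-box collector submits: component -> digest of the dumped region."""
    return {comp: sha256_hex(blob) for comp, blob in dumps.items()}


def classify_report(manifest, platform, measurements):
    """Compare one device's submitted digests against the manifest.

    Returns component -> one of:
      known-good          digest matches a factory build
      unknown             region hashes to something the vendor never shipped
      unlisted-component  device reported a region the manifest has no entry for
      not-reported        manifest expects the region but the device did not submit it
    Silence is treated as a finding, not as clean, so a collector that skips a region
    cannot hide a modification by omission.
    """
    result = {}
    for comp, digest in measurements.items():
        expected = manifest.get((platform, comp))
        if expected is None:
            result[comp] = "unlisted-component"
        elif digest in expected:
            result[comp] = "known-good"
        else:
            result[comp] = "unknown"
    for (p, comp) in manifest:
        if p == platform and comp not in measurements:
            result[comp] = "not-reported"
    return result


def device_status(classification):
    return "clean" if all(v == "known-good" for v in classification.values()) else "suspect"


def fleet_report(manifest, reports):
    """reports: list of (device_id, platform, measurements).
    Returns (per-device classifications, Counter of devices by status): the aggregate a vendor
    could publish without saying which customer owns which suspect box."""
    details = {}
    totals = Counter()
    for device_id, platform, measurements in reports:
        cls = classify_report(manifest, platform, measurements)
        details[device_id] = cls
        totals[device_status(cls)] += 1
    return details, totals


# Constructed fleet: one untouched box, one with a single byte flipped in its BIOS region, and
# one whose collector skipped the line-card FPGA and reported an unexpected "cpld" region.
_tampered_bios = bytearray(b"BIOS v1.0 factory")
_tampered_bios[5] ^= 0x01  # 'v' becomes 'w': a one-bit implant is still a different digest
FLEET = [
    ("dev-a", "rtr-x1", measure({"bios": b"BIOS v1.0 factory", "bootrom": b"ROMMON 2.3 factory",
                                 "linecard-fpga": b"LC FPGA bitstream r7", "os-image": b"os-image 12.4 signed"})),
    ("dev-b", "rtr-x1", measure({"bios": bytes(_tampered_bios), "bootrom": b"ROMMON 2.3 factory",
                                 "linecard-fpga": b"LC FPGA bitstream r7", "os-image": b"os-image 12.2 signed"})),
    ("dev-c", "rtr-x1", measure({"bios": b"BIOS v1.1 factory", "bootrom": b"ROMMON 2.3 factory",
                                 "os-image": b"os-image 12.2 signed", "cpld": b"CPLD image ?"})),
]

if __name__ == "__main__":
    details, totals = fleet_report(MANIFEST, FLEET)
    for dev, cls in details.items():
        findings = {c: v for c, v in cls.items() if v != "known-good"}
        print(dev, device_status(cls), findings or "")
    print(dict(totals))
```

One caveat a practitioner would attach to this: the collector runs on the very device that may be compromised, so an implant that hooks the flash-read path can hand the hashing routine factory bytes while executing something else. The "unknown signature" count only means something when the measurement is taken by something the implant cannot influence, such as dumping the flash parts off-box with a programmer or measuring from a hardware root of trust before the suspect code runs; that is the same reason Leo's ROM-instead-of-EEPROM and write-enable-jumper suggestions matter.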