nanog mailing list archives
Re: NSA able to compromise Cisco, Juniper, Huawei switches
From: Jared Mauch <jared () puck nether net>
Date: Tue, 31 Dec 2013 11:57:15 -0500
On Dec 31, 2013, at 11:50 AM, Saku Ytti <saku () ytti fi> wrote:
> I asked JTAC earlier today (#2013-1231-0033) and JTAC asked SIRT for a tool to read BIOS and output a SHA2 or SHA3 hash, and such a tool does not exist yet. I'm dubious, it might be possible even with existing tools. At least it's possible to reflash the BIOS with stock JunOS, as a lot of us had to do due to misformatted SSD disks. But fully agreed some of these sanity checks should be added, it's not a cure-all, maybe the attack changes the answers before showing them, maybe the BIOS comes infected from Juniper or from Kontron. But it would create an additional barrier. I also emailed Kontron and told them it would be prudent for them to do a press release also. Just to know what their public/official statement is.
Most of the vendors (I think Cisco/Juniper) have many of their staff out on vacation this week. I believe both are doing the "mandatory shutdown" or similar that I've seen other folks do around this season. Arbor Networks did something similar as well this year.

If you are looking at your hardware, you can get inexpensive flash readers/writers out there. I have one I use when doing low-level hardware work. There are also tools for your servers (e.g. flashrom) which are available in your favorite repos/ports/elsewhere and work on Linux/FreeBSD/others. You can use this to typically read/checksum your BIOS quickly on supported hardware.

I'm sure they would love to have the efforts that have gone into this e-mail thread followed up with hardware/research/contributions to improve the software. It shouldn't be too hard for you to read your BIOS and load it into IDA Pro or similar to perform checks.

- Jared
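An added example, not part of either message above: a small POSIX shell script doing what Jared describes and Saku asked JTAC for, dumping the flash with flashrom, hashing the image with SHA-256, and comparing it to a baseline recorded when the box was provisioned. The `flashrom -p internal -r` invocation is real; the function names and the baseline file format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Dump the SPI flash with flashrom,
# hash it, and compare against a baseline taken at first provisioning.
# Caveat raised in the thread still applies: a hash computed on a
# compromised host can be lied about, so prefer an external reader and
# keep the baseline file off the box being checked.

# SHA-256 of a file; portable across sha256sum (Linux) and sha256 (BSD).
hash_file() {
    f="$1"
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$f" | awk '{print $1}'
    else
        sha256 -q "$f"
    fi
}

# Read the whole flash chip into $1 using flashrom's internal programmer
# (needs root and a supported chipset; use an external programmer otherwise).
dump_flash() {
    out="$1"
    flashrom -p internal -r "$out"
}

# Record the hash of dump $1 as the baseline file $2 (first provisioning only).
# Baseline format (assumed here): "<sha256>  <label>" on the first line.
record_baseline() {
    printf '%s  %s\n' "$(hash_file "$1")" "$1" > "$2"
}

# Compare dump $1 to baseline $2.
# Returns 0 on match, 1 on mismatch, 2 if no baseline has been recorded yet.
verify_dump() {
    dump="$1"
    baseline="$2"
    [ -f "$baseline" ] || return 2
    expected=$(awk 'NR==1{print $1}' "$baseline")
    actual=$(hash_file "$dump")
    [ "$expected" = "$actual" ]
}

# Convenience wrapper: dump the live chip and verify it in one step.
check_live_flash() {
    tmpdump="${TMPDIR:-/tmp}/flash-$$.bin"
    dump_flash "$tmpdump" || return 3
    verify_dump "$tmpdump" "$1"
}
```

A mismatch is a signal to investigate with a second, external read rather than proof of tampering on its own: vendor updates and NVRAM variable stores inside the same chip also change the image, so re-record the baseline after every legitimate reflash.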