nanog mailing list archives

Re: NSA able to compromise Cisco, Juniper, Huawei switches

From: Saku Ytti <saku () ytti fi>
Date: Tue, 31 Dec 2013 20:48:43 +0200

On (2013-12-31 18:49 +0100), Enno Rey wrote:

some approaches were discussed in 2010, by Graeme Neilson from NZ here:

https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf

a later year, at the same conference, he gave a private session demonstrating basically the same stuff for JunOS, as 
ongoing (and, at the time, non-public) research.


If I read that correctly, it requires someone to install malicious code to the
box and won't persist if someone upgrades it later to non malicious code.

What the screenshot of NSA 'implant' says is persistently broken, through
malicious BIOS, which dynamically rewrites kernel in-memory post-boot.

The netscreen hack, is cute, but it's rather on the same difficulty level as
it is to build savegame editor for game.

-- 
  ++ytti

Current thread:

Re: NSA able to compromise Cisco, Juniper, Huawei switches, (continued)
- - - Re: NSA able to compromise Cisco, Juniper, Huawei switches shawn wilson (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches sthaug (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Saku Ytti (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Leo Bicknell (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches nanog () mitteilung com (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Saku Ytti (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Saku Ytti (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Jared Mauch (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Enno Rey (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Jared Mauch (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Saku Ytti (Dec 31)
    - Juniper SSL VPN Sharma, Kapeel (Dec 31)
    - Re: Juniper SSL VPN Jamie Gwatkin (Dec 31)
    - RE: Juniper SSL VPN Sharma, Kapeel (Dec 31)
    - Re: Juniper SSL VPN Mike Hale (Dec 31)
    - Re: Juniper SSL VPN Valdis . Kletnieks (Dec 31)
    - Re: Juniper SSL VPN Eugeniu Patrascu (Dec 31)
    - Re: Juniper SSL VPN Valdis . Kletnieks (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Chris Boyd (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Jeff Kell (Dec 30)
    - RE: NSA able to compromise Cisco, Juniper, Huawei switches Keith Medcalf (Dec 30)

(Thread continues...)