nanog mailing list archives

Re: NSA able to compromise Cisco, Juniper, Huawei switches


From: Warren Bailey <wbailey () satelliteintelligencegroup com>
Date: Tue, 31 Dec 2013 19:16:18 +0000

+1

NSA states very clearly this is baked in and “widely deployed”. Either
Cisco is not very happy with their government overlords today, or they are
having long meetings at those oversized conference tables trying to figure
out what to tell everyone. I’m curious about the implications to the US
DoD STIG’s that are put out, as I’m fairly sure they do not mention there
is a backdoor that anyone who knows how to knock can access.

My other question is.. How are they identifying unique ASA and PIX? Is
there a fingerprint mechanism that tells it what’s going on? I’d think
there would be quite a few admins out there with really weird syslog
entries??

Randy is right here.. Cisco has some ’splainin to do - we buy these
devices as “security appliances”, not NSA rootkit gateways. I hope the .cn
guys don’t figure out what’s going on here, I’d imagine there are plenty
of ASA’s in the .gov infrastructures.

//warren

PS - I mentioned .cn specifically because of the Huawei aspect, in
addition to the fact that it has been widely publicized we are in a “cyber
war” with them.

On 12/31/13, 12:07 PM, "Randy Bush" <randy () psg com> wrote:

There's a limit to what can reasonably be called a *product*
vulnerability.

right.  if the product was wearing a low-cut blouse and a short skirt,
it's not.

it's weasel words (excuse the idiom).  shoveling kitty litter over a big
steaming pile.

let me insert a second advert for jake's 30c3 preso,
https://www.youtube.com/watch?v=b0w36GAyZIA

randy
