nanog mailing list archives
Re: NSA able to compromise Cisco, Juniper, Huawei switches
From: Jonathan Greenwood II <gwood83 () gmail com>
Date: Tue, 31 Dec 2013 11:34:02 -0800
The best response I've seen to all this hype and I completely agree with Scott:

"Do ya think that you wouldn't also notice a drastic increase in outbound traffic to begin with?

It's fun to watch all the hype and things like that, but to truly sit down and think about what it would actually take to make something like this happen, especially on a sustained and "unnoticed" basis, is just asinine.

Perhaps more work should be spent maintaining one's own equipment and network than debating the chances that the sky may actually be falling or the NSA hunting your ass down. ;)

Just my two cents for the day! Happy New Year!

Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CCDE #2009::D, CCNP-Data Center, CCNP-Voice, JNCIE-SP #153, JNCIE-ENT #102, JNCIS-QFX, CISSP, et al.
IPv6 Gold Certified Engineer, IPv6 Gold Certified Trainer
CCSI #21903, JNCI-SP, JNCI-ENT, JNCI-QFX
swm () emanon com

Knowledge is power. Power corrupts. Study hard and be Eeeeviiiil......"

Jonathan

On Tue, Dec 31, 2013 at 11:16 AM, Warren Bailey <wbailey () satelliteintelligencegroup com> wrote:

+1

NSA states very clearly this is baked in and "widely deployed". Either Cisco is not very happy with their government overlords today, or they are having long meetings at those oversized conference tables trying to figure out what to tell everyone. I'm curious about the implications to the US DoD STIG's that are put out, as I'm fairly sure they do not mention there is a backdoor that anyone who knows how to knock can access. My other question is.. How are they identifying unique ASA and PIX? Is there a fingerprint mechanism that tells it what's going on? I'd think there would be quite a few admins out there with really weird syslog entries??

Randy is right here.. Cisco has some 'splainin to do - we buy these devices as "security appliances", not NSA rootkit gateways. I hope the .cn guys don't figure out what's going on here, I'd imagine there are plenty of ASA's in the .gov infrastructures.

//warren

PS - I mentioned .cn specifically because of the Huawei aspect, in addition to the fact that it has been widely publicized we are in a "cyber war" with them.

On 12/31/13, 12:07 PM, "Randy Bush" <randy () psg com> wrote:

There's a limit to what can reasonably be called a *product* vulnerability.

right. if the product was wearing a low-cut blouse and a short skirt, it's not.

it's weasel words (excuse the idiom). shoveling kitty litter over a big steaming pile.

let me insert a second advert for jake's 30c3 preso, https://www.youtube.com/watch?v=b0w36GAyZIA

randy
-- Jonathan Greenwood II CCIE #22744