nanog mailing list archives
Re: Spectre/Meltdown impact on network devices
From: James Bensley <jwbensley () gmail com>
Date: Mon, 8 Jan 2018 14:29:51 +0000
On 7 January 2018 at 19:02, Jean | ddostest.me via NANOG <nanog () nanog org> wrote:
> Hello,
>
> I'm curious to hear the impact on network devices of these new hardware flaws that everybody talks about. Yes, the Meltdown/Spectre flaws.
>
> I know that some Arista devices seem to use AMD chips and some say that they might be immune to one of these vulnerabilities. Still, it's possible to spawn a bash shell in these and one with limited privileges could maybe find some BGP/OSPF/SNMP passwords. Maybe it's also possible to leak a full config.
>
> I understand that one needs access but still it could be possible for one to social engineer a NOC user, hijack the account with limited access and maybe run the "exploit".
>
> I know it's a lot of "if" and "maybe", but still I'm curious what is the status of big networking systems? Are they vulnerable?
>
> Thanks
> Jean

Some devices run affected Intel chips like the Cisco ASR9000 series and they run Perl and Python so very exploitable I would expect, IF you have shell access.

There are much more serious security issues out there to worry about for networking gear than Meltdown/Spectre, e.g. this great CCC34 preso where the attacker runs remote code on a Cisco device and removes the password authentication for Telnet:

https://events.ccc.de/congress/2017/Fahrplan/events/8936.html

The video is on the CCC YouTube channel:

https://www.youtube.com/watch?v=fA6W9_zLCeA

If somebody has shell access you're basically knackered, I'm more concerned about these kinds of remote exploits as demonstrated. Proper iACLs/CoPPs and IDS/IPS, good patching cycles etc.

Cheers,
James.