nanog mailing list archives
Re: [NANOG] IOS rootkits
From: <michael.dillon () bt com>
Date: Sat, 17 May 2008 22:45:10 +0100
> The question isn't IF routers have security vulnerabilities, but whether Gadi has an example he can demonstrate now of installing a root kit on an IOS router NOW or not.
That's not really the question. In fact, there are two questions. First, are routers really embedded devices running a software operating system? Secondly, who can you trust in regards to security of your routers?

On the first question, I don't think anyone will argue that routers are not capable of being compromised by software. Some may argue that compromising the software from the public Internet is virtually impossible and statistically unlikely, but most organizations now realize that hard shell security is a fantasy. The real danger is an insider who has enable on the router and who takes money to install a trojan, or the reseller who sells you a router with trojans already installed. Let's face it, if the NSA now believes there is a serious risk of counterfeit hardware that has been modified to contain hardware trojans, then the much easier to achieve software trojans should be a greater risk, and therefore worthy of attention.

But the second question is the more interesting one in the context of NANOG. Can we trust Gadi? Can we trust the people who pop up and try to smear Gadi in some way? I haven't a clear answer here except to say that Gadi is a well-known person whose biases and possible motives (consultancy work) are well known. Same thing could be said about Cisco or Microsoft and this may make Gadi (or Cisco) more trustable about some things and less trustable about others. But everybody on this list deals with certainties like this every day.

It's the people who pop up and smear Gadi that I really wonder about. There seems to be no good reason for this, unless possibly they are blackhats of some sort. I remember a few years ago when William Leibzon posted about his work which eventually became completewhois.com and several blackhats popped up and tried to smear him.
So when people attack Gadi or anyone else with no substantive facts to justify those attacks, I always assume that they are part of the criminal gangs who drive network abuse in the 21st century. Of course they may just be harmless fools who think that they will become better network operators if they can become part of the in group. Who knows...

Personally, I am not particularly disturbed that security vulnerabilities are announced with few substantive details. That's just the way things are normally done in the real world.

--Michael Dillon

_______________________________________________
NANOG mailing list
NANOG () nanog org
http://mailman.nanog.org/mailman/listinfo/nanog