nanog mailing list archives
RE: IOS Rookit: the sky isn't falling (yet)
From: <michael.dillon () bt com>
Date: Tue, 27 May 2008 18:15:31 +0100
This seems like such a non-event because what is the exploit path to load the image? There needs to be a primary exploit to load the malware image.
Hmmm. Get a job servicing/installing data centre HVAC systems, wait until you get called out to a mostly empty data center, lift some floor tiles or change a flash with tongs through a wire cage, or whatever. Maybe make some "fog" in the room to block the security cameras while you do your work. Maybe bribe the security guard to look the other way, or just bribe the NOC employees. There are hundreds of ways for a primary exploit to happen. The Internet data center may not be the primary target of the people who try these things, i.e. Cisco's main customer base is the enterprise, not the ISP. The fact is that there are more and more reasons why someone would go to all the trouble of exploiting one or two routers in this way. Do you have the processes and systems to demonstrate that it has not happened already? --Michael Dillon
Current thread:
- RE: IOS Rookit: the sky isn't falling (yet), (continued)
- RE: IOS Rookit: the sky isn't falling (yet) Fred Reimer (May 29)
- RE: IOS Rookit: the sky isn't falling (yet) Jim Wise (May 29)
- RE: IOS Rookit: the sky isn't falling (yet) Fred Reimer (May 29)
- Re: IOS Rookit: the sky isn't falling (yet) Steven M. Bellovin (May 29)
- RE: IOS Rookit: the sky isn't falling (yet) Fred Reimer (May 29)
- Re: IOS Rookit: the sky isn't falling (yet) Gadi Evron (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Sean Donelan (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Gadi Evron (May 27)
- Re: IOS Rookit: running hacked binaries certainly places you at risk! Jared Mauch (May 27)
- Re: IOS Rookit: running hacked binaries certainly places you at risk! Gadi Evron (May 27)
- RE: IOS Rookit: the sky isn't falling (yet) michael.dillon (May 27)