nanog mailing list archives

Re: NSA able to compromise Cisco, Juniper, Huawei switches

From: Valdis.Kletnieks () vt edu
Date: Tue, 31 Dec 2013 13:58:23 -0500

On Mon, 30 Dec 2013 19:38:12 -0800, Sabri Berisha said:

However, attempting any of the limited attacks that I can think of would
require expert-level knowledge of not just the overall architecture, but also
of the microcode that runs on the specific PFE that the attacker would target,


Already solved problem, from back in the Internet Stone Age.

I remember seeing an exploit that asked you whether the target was
SunOS 3.2, patch 1, 2, or 3, and launched the correct attack for each. And
I can think of a lot of different ways to make the router cough up the
needed info (or you can just brute-force loop over all the options till
one works - leave the vendor support guy wondering why that line card
rebooted 5 time in an hour and then suddenly became rock solid again :)

Attachment: _bin
Description:

Current thread:

RE: Juniper SSL VPN, (continued)
- - - RE: Juniper SSL VPN Sharma, Kapeel (Dec 31)
    - Re: Juniper SSL VPN Mike Hale (Dec 31)
    - Re: Juniper SSL VPN Valdis . Kletnieks (Dec 31)
    - Re: Juniper SSL VPN Eugeniu Patrascu (Dec 31)
    - Re: Juniper SSL VPN Valdis . Kletnieks (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Chris Boyd (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Jeff Kell (Dec 30)
    - RE: NSA able to compromise Cisco, Juniper, Huawei switches Keith Medcalf (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Dobbins, Roland (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Eugeniu Patrascu (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Valdis . Kletnieks (Dec 31)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Dobbins, Roland (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Marco Teixeira (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches jim deleskie (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Randy Bush (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Dobbins, Roland (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Warren Bailey (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches Jay Ashworth (Dec 30)
    - Re: NSA able to compromise Cisco, Juniper, Huawei switches William Waites (Dec 30)
  - Re: NSA able to compromise Cisco, Juniper, Huawei switches Dobbins, Roland (Dec 30)
- RE: NSA able to compromise Cisco, Juniper, Huawei switches Warren Bailey (Dec 30)

(Thread continues...)