[104545] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [NANOG] IOS rootkits

daemon@ATHENA.MIT.EDU (Florian Weimer)
Sat May 17 17:03:36 2008

From: Florian Weimer <fw@deneb.enyo.de>
To: Joel Jaeggli <joelja@bogus.com>
Date: Sat, 17 May 2008 23:03:12 +0200
In-Reply-To: <482EF037.1050205@bogus.com> (Joel Jaeggli's message of "Sat, 17
	May 2008 07:48:23 -0700")
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org

* Joel Jaeggli:

> The existence proof of a root kit does little if anything to change how 
> one protects and secures the control plane.

| Network administrators are not able to observe Lawful Intercept is
| enabled. No Lawful Intercept program messages or error messages are ever
| displayed on the console.

<http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>

This is a Sony-style rootkit, but it certainly demonstrate that the
concept is feasible (surprise).

_______________________________________________
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[104545] in North American Network Operators' Group

Re: [NANOG] IOS rootkits

daemon@ATHENA.MIT.EDU (Florian Weimer)Sat May 17 17:03:36 2008

daemon@ATHENA.MIT.EDU (Florian Weimer)
Sat May 17 17:03:36 2008