[104572] in North American Network Operators' Group
Re: [NANOG] IOS rootkits
daemon@ATHENA.MIT.EDU (Jack Bates)
Mon May 19 11:08:21 2008
Date: Mon, 19 May 2008 10:07:48 -0500
From: Jack Bates <jbates@brightok.net>
To: Florian Weimer <fw@deneb.enyo.de>
In-Reply-To: <87fxsgk5in.fsf@mid.deneb.enyo.de>
Cc: Joel Jaeggli <joelja@bogus.com>, nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
Florian Weimer wrote:
>
> | Network administrators are not able to observe Lawful Intercept is
> | enabled. No Lawful Intercept program messages or error messages are ever
> | displayed on the console.
>
> <http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>
>
> This is a Sony-style rootkit, but it certainly demonstrates that the
> concept is feasible (surprise).
>
Eh, it's a little misleading. Every Net admin knows when Lawful Intercept is
activated on their router. The processor utilization takes a major spike. What
it's doing might not be known, though umm, even intercept traffic itself can be
intercepted or redirected through portions of the network where it can be
intercepted. ;)
Jack