[104753] in North American Network Operators' Group
Re: IOS Rookit: the sky isn't falling (yet)
daemon@ATHENA.MIT.EDU (Alexander Harrowell)
Tue May 27 08:42:33 2008
Date: Tue, 27 May 2008 13:42:23 +0100
From: "Alexander Harrowell" <a.harrowell@gmail.com>
To: "Nicolas FISCHBACH" <nicolist@securite.org>
In-Reply-To: <483BB25A.4030204@securite.org>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
>An alternative rootkit ? Privilege level 16 used by the Lawful Intercept
>[12] feature could be abused to do some of this too. Or the other way
>around: use a "patched" IOS to keep an eye on Law Enforcement's operations
>on the router as privilege level 15 doesn't allow it and the only
>alternative is to sniff the traffic export.
The combination of rootkits and specially privileged Lawful Intercept
functions is a very dangerous one. This was precisely what was exploited in
the now-legendary and still unsolved Vodafone Greece hack.
Alex