[104769] in North American Network Operators' Group
Re: IOS Rookit: the sky isn't falling (yet)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue May 27 12:57:26 2008
To: Gadi Evron <ge@linuxbox.org>
In-Reply-To: Your message of "Tue, 27 May 2008 11:02:32 CDT."
<Pine.LNX.4.62.0805271102000.1394@linuxbox.org>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 27 May 2008 12:57:17 -0400
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1211907437_3133P
Content-Type: text/plain; charset=us-ascii
On Tue, 27 May 2008 11:02:32 CDT, Gadi Evron said:
> On Tue, 27 May 2008, Jared Mauch wrote:
> > *yawn*
>
> I guess we will wait for the next one before waking up, than.
No Gadi. What Jared is saying is that there are exactly *ZERO* routers
(for some infinitesimally small value of zero) that will get rootkitted
that weren't *already* vulnerable to the stuff that Lynn talked about
three years ago.
There's basically 2 classes of Cisco routers out there:
1) Ones managed by Jared and similarly clued people, who can quite rightfully
yawn because the specter of "IOS rootkits" changes nothing in their actual
threat model - they put stuff in place 3 years ago to mitigate "Lynn-style IOS
pwnage", and it will stop this just as well. Move along, nothing to see.
2) Ones managed by unclued people. And quite frankly, if Lynn didn't wake
them up 3 years ago, this isn't going to wake them up either. Move along,
nothing new to see here either.
"60% of routers run by bozos who shouldn't have enable. Film at 11".
*yawn*.
--==_Exmh_1211907437_3133P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFIPD1tcC3lWbTT17ARAoDyAJwLrAmGLae8PNcxu1q8tcom6E9uEgCfbUrU
zZJVGNFIyX3K651akVI1UJU=
=E6N3
-----END PGP SIGNATURE-----
--==_Exmh_1211907437_3133P--
