[104772] in North American Network Operators' Group


RE: IOS Rootkit: the sky isn't falling (yet)

daemon@ATHENA.MIT.EDU (michael.dillon@bt.com)
Tue May 27 13:14:23 2008

Date: Tue, 27 May 2008 18:15:31 +0100
In-Reply-To: <79AF9AD3-889F-408D-99FE-902930C402EC@puck.nether.net>
From: <michael.dillon@bt.com>
To: <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org

> This seems like such a non-event because what is the exploit
> path to load the image? There needs to be a primary exploit
> to load the malware image.

Hmmm. Get a job servicing/installing data centre HVAC systems,
wait until you get called out to a mostly empty data center,
lift some floor tiles or change a flash with tongs through a
wire cage, or whatever. Maybe make some "fog" in the room to
block the security cameras while you do your work. Maybe bribe
the security guard to look the other way, or just bribe the
NOC employees.

There are hundreds of ways for a primary exploit to happen.
The Internet data center may not be the primary target of the
people who try these things, i.e. Cisco's main customer base
is the enterprise, not the ISP.

The fact is that there are more and more reasons why someone
would go to all the trouble of exploiting one or two routers
in this way. Do you have the processes and systems to demonstrate
that it has not happened already?

--Michael Dillon

