[104773] in North American Network Operators' Group

Re: IOS Rootkit: the sky isn't falling (yet)

daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue May 27 13:22:59 2008

Date: Tue, 27 May 2008 13:22:52 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.62.0805271102000.1394@linuxbox.org>
Errors-To: nanog-bounces@nanog.org

On Tue, 27 May 2008, Gadi Evron wrote:
>> Perhaps the above should be simplified.
>> 
>> Running a hacked/modded IOS version is a dangerous prospect.
>> 
>> This seems like such a non-event because what is the exploit path to load 
>> the image? There needs to be a primary exploit to load the malware image.
>> 
>> *yawn*
>
> I guess we will wait for the next one before waking up, then.

If you let people load unauthorized images on your equipment, you
probably have bigger problems than potential rootkits.  It may be a better 
use of resources to prevent people from installing unauthorized images on 
your hardware versus debating all the things an unauthorized image could 
do after it is installed.

Other things you could install rootkits on, if you can load
unauthorized images on the device:

    Anything with a CPU and loadable images.

Even old-fashioned printing presses are vulnerable to the old-fashioned
version of a rootkit.  If you could replace the printing press plates
with unauthorized plates, you could change what the printing press
printed.  Modifying printing plates is the easy part, getting the
unauthorized printing plates on the printing press is the trick.
