[104775] in North American Network Operators' Group


Re: IOS Rootkit: the sky isn't falling (yet)

daemon@ATHENA.MIT.EDU (Chris Grundemann)
Tue May 27 13:26:54 2008

Date: Tue, 27 May 2008 11:24:19 -0600
From: "Chris Grundemann" <cgrundemann@gmail.com>
To: "Adrian Chadd" <adrian@creative.net.au>
In-Reply-To: <20080527171319.GE2135@skywalker.creative.net.au>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org

On Tue, May 27, 2008 at 11:13 AM, Adrian Chadd <adrian@creative.net.au> wrote:
>
> Bloody network people, always assuming their network security stops at
> their router.
>
> So now that someone's done the hard lifting to backdoor an IOS binary,
> and I'm assuming you all either upgrade by downloading from the cisco.com
> website or maintain a set of your own images somewhere, all one needs
> to do is insert themselves into -that- path and you're screwed.
>
> Hijacking prefixes isn't hard. That was presented at the same security
> conference.
>
> Cracking a UNIX/Windows management/FTP/TFTP host isn't impossible - how
> many large networks have their server infrastructure run by different
> people to their network infrastructure? Lots and lots? :)
>
> Sure, it's not all fire and brimstone, but the bar -was- dropped a little,
> and somehow you need to make sure that the IOS that's sitting on your
> network management site is indeed the IOS that you put there in the
> first place..

Like MD5 File Validation? - "MD5 values are now made available on
Cisco.com for all Cisco IOS software images for comparison against
local system image values."

~Chris
>
> Adrian



--
Chris Grundemann
www.linkedin.com/in/cgrundemann
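
The check discussed in this exchange (confirming that the images on a management/TFTP host still match known-good MD5 values) can be sketched as follows. This is an added example, not part of the original messages: the function names, file names and sample data are constructed, and it assumes the trusted digest manifest is stored somewhere other than the host being audited.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk=1 << 20):
    """Hash a file in chunks so large images need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_image_dir(image_dir, manifest, algo="md5"):
    """Compare every file in image_dir with a trusted {filename: digest} manifest.

    Assumption: the manifest was built from values obtained out-of-band
    (e.g. copied from the vendor site) and is not kept on the audited host.
    """
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    present = {n for n in os.listdir(image_dir)
               if os.path.isfile(os.path.join(image_dir, n))}
    for name, expected in sorted(manifest.items()):
        if name not in present:
            report["missing"].append(name)       # listed image is gone
        elif file_digest(os.path.join(image_dir, name), algo) == expected.strip().lower():
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)      # content changed since listing
    # Files nobody vouched for are reported too, not silently ignored.
    report["unlisted"] = sorted(present - set(manifest))
    return report

def demo():
    """Constructed sample: two fake images, one altered after the manifest was made."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"edge-a.bin": b"image A", "edge-b.bin": b"image B"}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = {n: hashlib.new("md5", c).hexdigest() for n, c in samples.items()}
        manifest["core-c.bin"] = "0" * 32        # listed but never present
        with open(os.path.join(d, "edge-b.bin"), "ab") as f:
            f.write(b"\x00patched")              # modified after the manifest was made
        with open(os.path.join(d, "extra.bin"), "wb") as f:
            f.write(b"unknown")                  # file absent from the manifest
        return audit_image_dir(d, manifest)

if __name__ == "__main__":
    print(demo())
```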

