[104817] in North American Network Operators' Group
Re: IOS Rookit: the sky isn't falling (yet)
daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue May 27 17:07:04 2008
Date: Tue, 27 May 2008 16:06:54 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <21778.1211907437@turing-police.cc.vt.edu>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Tue, 27 May 2008 Valdis.Kletnieks@vt.edu wrote:
> On Tue, 27 May 2008 11:02:32 CDT, Gadi Evron said:
>> On Tue, 27 May 2008, Jared Mauch wrote:
>>> *yawn*
>>
>> I guess we will wait for the next one before waking up, than.
>
> No Gadi. What Jared is saying is that there are exactly *ZERO* routers
> (for some infinitesimally small value of zero) that will get rootkitted
> that weren't *already* vulnerable to the stuff that Lynn talked about
> three years ago.
>
> There's basically 2 classes of Cisco routers out there:
>
> 1) Ones managed by Jared and similarly clued people, who can quite rightfully
> yawn because the specter of "IOS rootkits" changes nothing in their actual
> threat model - they put stuff in place 3 years ago to mitigate "Lynn-style IOS
> pwnage", and it will stop this just as well. Move along, nothing to see.
>
> 2) Ones managed by unclued people. And quite frankly, if Lynn didn't wake
> them up 3 years ago, this isn't going to wake them up either. Move along,
> nothing new to see here either.
>
> "60% of routers run by bozos who shouldn't have enable. Film at 11".
>
> *yawn*.
>
My bad. Sorry Jared.
