[167876] in North American Network Operators' Group


Re: NSA able to compromise Cisco, Juniper, Huawei switches

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Tue Dec 31 10:03:53 2013

From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <20131231143229.GA6690@pob.ytti.fi>
Date: Tue, 31 Dec 2013 09:03:15 -0600
To: Saku Ytti <saku@ytti.fi>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



On Dec 31, 2013, at 8:32 AM, Saku Ytti <saku@ytti.fi> wrote:

> I'm going to wait calmly for some of the examples being recovered from the
> field, documented and analysed.

If I were Cisco/Juniper/et al. I would have a team working on this right now.
It should be trivial for them to insert code into the routers that, say,
hashes all sorts of things (code image, BIOS, any PROMs and EEPROMs and
such on the linecards) and submits all of those signatures back.  Any
APT that has been snuck into those things should be able to be detected.  For
most of them the signatures should be known, as the code shipped from the
factory and was never intended to be modified (e.g. BIOS).  A transparent
public report about how many devices are running signatures they do not
know would be very interesting.

Plus, it's an opportunity to sell new equipment to those people, so they
can rid themselves of the infection.

I also wonder how this will change engineering going forward.  Maybe the
BIOS should be a ROM chip, not an EEPROM again.  Maybe the write line needs
to be run through a physical jumper on the motherboard that is normally
not present.

Why do we accept our devices, be it a PC or a router, can be "persistently"
infected?  The hardware industry needs to do better.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
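
Added example, not part of the original message and not any vendor's code: a sketch of the check proposed above, where each device hashes its code image, BIOS and linecard EEPROM and the results are compared against the digests shipped from the factory. Component names, device names and image bytes are constructed, and it assumes the measurements are collected by code that is itself trustworthy.

```python
import hashlib
from collections import Counter

def measure(components):
    """Hash each raw component image (name -> bytes) with SHA-256."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in components.items()}

def classify(report, known_good):
    """Compare one device report with the manifest (name -> set of shipped digests)."""
    result = {}
    for name, allowed in known_good.items():
        digest = report.get(name)
        if digest is None:
            result[name] = "missing"      # device did not report this component
        elif digest in allowed:
            result[name] = "known"        # matches a digest shipped from the factory
        else:
            result[name] = "unknown"      # modified, or a build the vendor never shipped
    for name in report.keys() - known_good.keys():
        result[name] = "unexpected"       # component absent from the manifest
    return result

def fleet_summary(reports, known_good):
    """Return (counts of clean/flagged devices, {device: [components not 'known']})."""
    counts, flagged = Counter(), {}
    for device, report in reports.items():
        verdict = classify(report, known_good)
        bad = sorted(n for n, v in verdict.items() if v != "known")
        counts["flagged" if bad else "clean"] += 1
        if bad:
            flagged[device] = bad
    return dict(counts), flagged

# Constructed sample data: factory images and three device reports.
FACTORY = {"image": b"os-image-15.1", "bios": b"bios-rev-A",
           "linecard0-eeprom": b"lc-eeprom-v3"}
KNOWN_GOOD = {name: {hashlib.sha256(blob).hexdigest()} for name, blob in FACTORY.items()}
REPORTS = {
    "rtr-a": measure(FACTORY),                                        # untouched
    "rtr-b": measure({**FACTORY, "bios": b"bios-rev-A" + b"\x00mod"}),  # altered BIOS
    "rtr-c": measure({k: v for k, v in FACTORY.items() if k != "linecard0-eeprom"}),
}

if __name__ == "__main__":
    print(fleet_summary(REPORTS, KNOWN_GOOD))
```

A component that never reports is flagged as well as one that reports an unknown digest, since silence from a linecard is as interesting as a mismatch.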







