[167895] in North American Network Operators' Group
Re: NSA able to compromise Cisco, Juniper, Huawei switches
daemon@ATHENA.MIT.EDU (Saku Ytti)
Tue Dec 31 13:49:01 2013
Date: Tue, 31 Dec 2013 20:48:43 +0200
From: Saku Ytti <saku@ytti.fi>
To: nanog@nanog.org
In-Reply-To: <20131231174911.GA33584@ernw.de>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On (2013-12-31 18:49 +0100), Enno Rey wrote:
> some approaches were discussed in 2010, by Graeme Neilson from NZ here:
>
> https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf
>
> a later year, at the same conference, he gave a private session demonstrating basically the same stuff for JunOS, as ongoing (and, at the time, non-public) research.
If I read that correctly, it requires someone to install malicious code to the
box and won't persist if someone upgrades it later to non malicious code.
What the screenshot of NSA 'implant' says is persistently broken, through
malicious BIOS, which dynamically rewrites kernel in-memory post-boot.
The netscreen hack, is cute, but it's rather on the same difficulty level as
it is to build savegame editor for game.
--
++ytti
