[167906] in North American Network Operators' Group
Re: NSA able to compromise Cisco, Juniper, Huawei switches
daemon@ATHENA.MIT.EDU (Jonathan Greenwood II)
Tue Dec 31 14:36:02 2013
In-Reply-To: <CEE864A2.107FB%wbailey@satelliteintelligencegroup.com>
Date: Tue, 31 Dec 2013 11:34:02 -0800
From: Jonathan Greenwood II <gwood83@gmail.com>
To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Cc: Clay Kossmeyer <ckossmey@cisco.com>, Florian Weimer <fw@deneb.enyo.de>,
North American Network Operators' Group <nanog@nanog.org>
The best response I've seen to all this hype and I completely agree with
Scott:
"Do ya think that you wouldn't also notice a drastic increase in outbound
traffic to begin with? It's fun to watch all the hype and things like
that, but to truly sit down and think about what it would actually take
to make something like this happen, especially on a sustained and
"unnoticed" basis, is just asinine.
Perhaps more work should be spent maintaining one's own equipment and
network than debating the chances that the sky may actually be falling or
the NSA hunting your ass down. ;) Just my two cents for the day!
Happy New Year!
Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713, CCDE
#2009::D,
CCNP-Data Center, CCNP-Voice, JNCIE-SP #153, JNCIE-ENT #102, JNCIS-QFX,
CISSP, et al.
IPv6 Gold Certified Engineer, IPv6 Gold Certified Trainer
CCSI #21903, JNCI-SP, JNCI-ENT, JNCI-QFX
swm@emanon.com
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......"
Jonathan
On Tue, Dec 31, 2013 at 11:16 AM, Warren Bailey <
wbailey@satelliteintelligencegroup.com> wrote:
> +1
>
> NSA states very clearly this is baked in and "widely deployed". Either
> Cisco is not very happy with their government overlords today, or they are
> having long meetings at those oversized conference tables trying to figure
> out what to tell everyone. I'm curious about the implications to the US
> DoD STIG's that are put out, as I'm fairly sure they do not mention there
> is a backdoor that anyone who knows how to knock can access.
>
> My other question is.. How are they identifying unique ASA and PIX? Is
> there a fingerprint mechanism that tells it what's going on? I'd think
> there would be quite a few admins out there with really weird syslog
> entries??
>
> Randy is right here.. Cisco has some 'splainin to do - we buy these
> devices as "security appliances", not NSA rootkit gateways. I hope the .cn
> guys don't figure out what's going on here, I'd imagine there are plenty
> of ASA's in the .gov infrastructures.
>
> //warren
>
> PS - I mentioned .cn specifically because of the Huawei aspect, in
> addition to the fact that it has been widely publicized we are in a "cyber
> war" with them.
>
> On 12/31/13, 12:07 PM, "Randy Bush" <randy@psg.com> wrote:
>
> >> There's a limit to what can reasonably be called a *product*
> >> vulnerability.
> >
> >right. if the product was wearing a low-cut blouse and a short skirt,
> >it's not.
> >
> >it's weasel words (excuse the idiom). shoveling kitty litter over a big
> >steaming pile.
> >
> >let me insert a second advert for jake's 30c3 preso,
> >https://www.youtube.com/watch?v=b0w36GAyZIA
> >
> >randy
> >
>
>
>
--
Jonathan Greenwood II
CCIE #22744