[183777] in North American Network Operators' Group
Re: Synful Knock questions...
daemon@ATHENA.MIT.EDU (Blake Hudson)
Wed Sep 16 09:37:02 2015
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Blake Hudson <blake@ispn.net>
Date: Wed, 16 Sep 2015 08:36:54 -0500
In-Reply-To: <F570D447-EB21-40C4-BDD5-E4C169594A77@arbor.net>
Errors-To: nanog-bounces@nanog.org
Roland Dobbins wrote on 9/16/2015 1:27 AM:
>
> On 16 Sep 2015, at 11:51, Paul Ferguson wrote:
>
>> Please bear in mind hat the attacker *must* acquire credentials to
>> access the box before exploitation.
>
> And must have access to the box in order to utilize said credentials -
> which of course, there are BCPs intended to prevent same.
>
There's a big used equipment market. Even in the new equipment market,
these devices could be intercepted prior to delivery.
