[31716] in North American Network Operators' Group


Re: router damaged by cracker?

daemon@ATHENA.MIT.EDU (Deepak Jain)
Thu Oct 12 12:44:24 2000

Date: Thu, 12 Oct 2000 12:42:20 -0400 (EDT)
From: Deepak Jain <deepak@ai.net>
To: Kai Schlichting <kai@pac-rim.net>
Cc: nanog@merit.edu
In-Reply-To: <4.3.2.7.2.20001012110206.00e65e70@mail.conti.nu>
Message-ID: <Pine.BSF.4.21.0010121239110.14577-100000@aries.ai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu



By the way that article reads, I would guess the attack was not
exceptionally sophisticated. (Everyone's definition of sophisticated is
different.)

If one removed the config-reg (or renamed it) function on a small Cisco's
firmware, one could quite effectively change the passwords and make it
difficult for a not very technical group of admins to take it back.

Since there is talk about moving their main router behind a firewall, my
guess is that they are using a routing appliance rather than any
sophisticated routing hardware. The $18,000 replacement is probably for a
different vendor, not because the hardware has lost function.

This is all wild conjecture because I haven't seen any alerts from vendors
in their normal channels. :)

Deepak Jain
AiNET

On Thu, 12 Oct 2000, Kai Schlichting wrote:

> 
> If we assume that the router mentioned in the following cracking incident
> is a popular model we all use: what other than zapping the FlashROM could
> this attacker have done? We all know that <big popular vendor>'s firmware
> source code has hit the pirate BBS's a year or two back: could someone have
> compiled a rogue image that can actually fry some router components (I can
> think of plenty of nasty things with serial ports transmitting too fast
> for their own good - and burn the driver chips)?
> 
> http://www.denverpost.com/business/biz1012d.htm
> 
> 
> 


