North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [NANOG] IOS rootkits

  • From: Paul Wall
  • Date: Fri May 16 21:13:52 2008

Gadi,

Please try to keep the self-promotion to a minimum, and come back when
you have meaningful data to share with operators.

Examples would include a list of affected platforms and code
revisions, as well as preventative measures.

Thank you,
Paul

On Fri, May 16, 2008 at 9:06 PM, Gadi Evron <[email protected]> wrote:
> At the upcoming EusecWest Sebastian Muniz will apparently unveil an IOS
> rootkit. skip below for the news item itself.
>
> We've had discussions on this before, here and elsewhere. I've been
> heavily attacked on the subject of considering router security as an issue
> when compared to routing security.
>
> I have a lot to say about this, looking into this threat for a
> few years now and having engaged different organizations within Cisco on
> the subject in the past.  Due to what I refer to as an "NDA of
> honour" I will just relay the following until it is "officially" public,
> then consider what should be made public, including:
>
> 1. Current defense startegies possible with Cisco gear
> 2. Third party defense strategies (yes, they now exist)
> 2. Cisco response (no names or exact quotes will likely be given)
> 3. A bet on when such a rootkit would be public, and who won it
> (participants are.. "relevant people").
>
> From:
> http://www.networkworld.com/news/2008/051408-hacker-writes-rootkit-for-ciscos.html
>
> "A security researcher has developed malicious rootkit software for
> Cisco's routers, a development that has placed increasing scrutiny on the
> routers that carry the majority of the Internet's traffic.
>
> Sebastian Muniz, a researcher with Core Security Technologies, developed
> the software, which he will unveil on May 22 at the EuSecWest conference
> in London. "
>
>        Gadi Evron.
>
> _______________________________________________
> NANOG mailing list
> [email protected]
> http://mailman.nanog.org/mailman/listinfo/nanog
>

_______________________________________________
NANOG mailing list
[email protected]
http://mailman.nanog.org/mailman/listinfo/nanog