North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [NANOG] IOS rootkits

  • From: Dragos Ruiu
  • Date: Sun May 18 09:57:18 2008

On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote:

> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
> <[email protected]> wrote:
>> If the way of running this isn't out in the wild and it's actually
>> dangerous then a pox on anyone who releases it, especially to gain
>> publicity at the expensive of network operators sleep and well being.
>> May you never find a reliable route ever again.
>
> This needs fixing. It doesnt need publicity at security conferences
> till after cisco gets presented this stuff first and asked to release
> an emergency patch.

Bullshit.

There is nothing to patch.

It needs to be presented at conferences, exactly because people will  
play ostrich and stick their heads in the sand and pretend it can't  
happen to them, and do nothing about it until someone shows them, "yes  
it can happen" and here is how....

Which is exactly why we've accepted this talk. We've all known this is  
a possibility for years, but I haven't seen significant motion forward  
on this until we announced this talk. So in a fashion, this has  
already helped make people more realistic about their infrastructure  
devices. And the discussions, and idea interchange that will happen  
between the smart folks at the conference will undoubtedly usher forth  
other related issues and creative solutions.  Problems don't get fixed  
until you talk about them.

cheers,
--dr



--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K.   May 21/22 - 2008    http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp



_______________________________________________
NANOG mailing list
[email protected]
http://mailman.nanog.org/mailman/listinfo/nanog