North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [NANOG] IOS rootkits

  • From: Jack Bates
  • Date: Mon May 19 11:08:19 2008

Florian Weimer wrote:
> 
> | Network administrators are not able to observe Lawful Intercept is
> | enabled. No Lawful Intercept program messages or error messages are ever
> | displayed on the console.
> 
> <http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>
> 
> This is a Sony-style rootkit, but it certainly demonstrate that the
> concept is feasible (surprise).
> 

Eh, it's a little misleading. Every Net admin knows when Lawful Intercept is 
activated on their router. The processor utilization takes a major spike. What 
it's doing might not be known, though umm, even intercept traffic itself can be 
intercepted or redirected through portions of the network where it can be 
intercepted. ;)

Jack

_______________________________________________
NANOG mailing list
[email protected]
http://mailman.nanog.org/mailman/listinfo/nanog