Re: IOS Rookit: the sky isn't falling (yet)

• From: Alexander Harrowell
• Date: Tue May 27 08:42:31 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

>An alternative rootkit ? Privilege level 16 used by the Lawful Intercept
>[12] feature could be abused to do some of this too. Or the other way
>around: use a "patched" IOS to keep an eye on Law Enforcement's >operations
on the router as privilege level 15 doesn't allow it and the only
>alternative is to sniff the traffic export.

The combination of rootkits and specially privileged Lawful Intercept
functions is a very dangerous one. This was precisely what was exploited in
the now-legendary and still unsolved Vodafone Greece hack.

Alex

• Follow-Ups:
  • Re: IOS Rookit: the sky isn't falling (yet) Jared Mauch
  • Re: IOS Rookit: the sky isn't falling (yet) Christopher Morrow

• References:
  • IOS Rookit: the sky isn't falling (yet) Nicolas FISCHBACH

• Prev by Date: IOS Rookit: the sky isn't falling (yet)
• Next by Date: Re: outages mailing list is back online!
• Date Index
• Thread Index
• Author Index
• Historical