North American Network Operators Group


Re: IOS Rookit: the sky isn't falling (yet)

  • From: Chris Grundemann
  • Date: Tue May 27 13:27:00 2008

On Tue, May 27, 2008 at 11:13 AM, Adrian Chadd <[email protected]> wrote:
>
> Bloody network people, always assuming their network security stops at
> their router.
>
> So now that someone's done the hard lifting to backdoor an IOS binary,
> and I'm assuming you all either upgrade by downloading from the cisco.com
> website or maintain a set of your own images somewhere, all one needs
> to do is insert themselves into -that- path and you're screwed.
>
> Hijacking prefixes isn't hard. That was presented at the same security
> conference.
>
> Cracking a UNIX/Windows management/FTP/TFTP host isn't impossible - how
> many large networks have their server infrastructure run by different
> people to their network infrastructure? Lots and lots? :)
>
> Sure, it's not all fire and brimstone, but the bar -was- dropped a little,
> and somehow you need to make sure that the IOS that's sitting on your
> network management site is indeed the IOS that you put there in the
> first place..

Like MD5 File Validation? - "MD5 values are now made available on
Cisco.com for all Cisco IOS software images for comparison against
local system image values."

~Chris
>
> Adrian

--
Chris Grundemann
www.linkedin.com/in/cgrundemann
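
An added example, not part of the original posts and not Cisco tooling: one way to check that the images sitting on a management or TFTP host still match MD5 values recorded earlier, which is the comparison the quoted feature describes. The md5sum-style manifest format, the file names and the `audit_images` helper are assumptions, and the manifest is assumed to be stored somewhere other than the host being audited.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk=1 << 20):
    # Stream the file so large images are never read into memory at once.
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines: '<hex digest>  <filename>'; '#' starts a comment."""
    rows = (l.split(None, 1) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return {name.strip(): digest.lower() for digest, name in rows}

def audit_images(image_dir, expected, algo="md5"):
    """Return {filename: status}; status is ok, MISMATCH, MISSING or UNLISTED."""
    report = {}
    for name, want in expected.items():
        path = os.path.join(image_dir, name)
        if not os.path.isfile(path):
            report[name] = "MISSING"
        elif file_digest(path, algo) == want:
            report[name] = "ok"
        else:
            report[name] = "MISMATCH"
    # Anything in the directory that the manifest does not know about is flagged too.
    for name in sorted(set(os.listdir(image_dir)) - set(expected)):
        report[name] = "UNLISTED"
    return report

def demo():
    # Constructed stand-in files, not real IOS images.
    recorded = {"image-a.bin": b"constructed A", "image-b.bin": b"constructed B", "image-c.bin": b"constructed C"}
    manifest = "".join(f"{hashlib.md5(v).hexdigest()}  {k}\n" for k, v in recorded.items())
    on_disk = {"image-a.bin": b"constructed A", "image-b.bin": b"constructed B, modified", "extra.bin": b"x"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in on_disk.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return audit_images(d, parse_manifest(manifest))

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

On the router itself, the equivalent comparison is the IOS `verify /md5` command run against the image in flash.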