North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IOS Rookit: the sky isn't falling (yet)

  • From: Gadi Evron
  • Date: Tue May 27 17:07:06 2008

On Tue, 27 May 2008 [email protected] wrote:
On Tue, 27 May 2008 11:02:32 CDT, Gadi Evron said:
On Tue, 27 May 2008, Jared Mauch wrote:
*yawn*

I guess we will wait for the next one before waking up, than.

No Gadi. What Jared is saying is that there are exactly *ZERO* routers (for some infinitesimally small value of zero) that will get rootkitted that weren't *already* vulnerable to the stuff that Lynn talked about three years ago.

There's basically 2 classes of Cisco routers out there:

1) Ones managed by Jared and similarly clued people, who can quite rightfully
yawn because the specter of "IOS rootkits" changes nothing in their actual
threat model - they put stuff in place 3 years ago to mitigate "Lynn-style IOS
pwnage", and it will stop this just as well.  Move along, nothing to see.

2) Ones managed by unclued people.  And quite frankly, if Lynn didn't wake
them up 3 years ago, this isn't going to wake them up either.  Move along,
nothing new to see here either.

"60% of routers run by bozos who shouldn't have enable. Film at 11".

*yawn*.


My bad. Sorry Jared.