North American Network Operators Group

RE: IOS Rootkit: the sky isn't falling (yet)

  • From: michael.dillon
  • Date: Wed May 28 05:37:57 2008

> So let's see - if you had a billion CPUs in your botnet, and 
> each one could go at a billion to the second, you still need 
> 2**69 seconds or 449,235,776,528,695 years.  Not bad - only 
> 10,000 times the amount of time this planet has been around, 
> so yeah, that's the way they'll attack all right.

I didn't say that. I said that they are starting with an IOS image
in which there are some small number of bytes which they can possibly
change and still have a functional image. So it is likely that they
will brute force that by computing an MD5 hash on all variations of
those few bytes. It's like winning the lottery, you only *NEED* to
buy one ticket. No matter how slim the chances are of bad guys winning
that lottery, it is no excuse for ignoring the possibility that an
MD5 hash check may not be proof that you have an original image.

And let's not get into all the other possibilities such as an insider
who corrupts your database in which you safely store the MD5 hashes.
There is no magic bullet, only various security layers which reduce
the odds of an exploit in your network in a similar way to how
multiple routers and multiple paths can increase your network's
uptime to very nearly 100%.

--Michael Dillon
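
An added illustration of the layered checking the message argues for, not part of the original post and not any vendor's tooling: the image is checked against several independent measurements, and the stored reference record is itself authenticated so that a rewritten hash database entry is detected. The use of SHA-256, an HMAC key kept outside the hash database, and all names and sample bytes below are assumptions made for this example.

```python
import hashlib
import hmac
import json

def _tag(fields, key):
    # Canonical JSON so the same fields always produce the same MAC.
    blob = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def make_record(name, image, key):
    """Build the reference record while the image is known to be original."""
    fields = {
        "name": name,
        "size": len(image),
        "md5": hashlib.md5(image).hexdigest(),
        "sha256": hashlib.sha256(image).hexdigest(),
    }
    return {"fields": fields, "tag": _tag(fields, key)}

def verify_image(image, record, key):
    """Return the names of the layers that failed; an empty list means all passed."""
    failures = []
    fields = record["fields"]
    # Layer 1: has the stored record been altered since it was created?
    if not hmac.compare_digest(_tag(fields, key), record["tag"]):
        failures.append("record-tampered")
    # Layers 2-4: independent measurements of the image itself.
    if len(image) != fields["size"]:
        failures.append("size")
    if hashlib.md5(image).hexdigest() != fields["md5"]:
        failures.append("md5")
    if hashlib.sha256(image).hexdigest() != fields["sha256"]:
        failures.append("sha256")
    return failures

# Constructed sample data: a stand-in byte string, not a real image.
KEY = b"constructed-demo-key-kept-outside-the-hash-database"
GOOD_IMAGE = b"constructed stand-in for a router image" * 64
RECORD = make_record("example-image.bin", GOOD_IMAGE, KEY)

def demo():
    modified = GOOD_IMAGE[:100] + b"X" + GOOD_IMAGE[101:]
    # Database entry rewritten to match the modified image, without the key.
    forged = {"fields": dict(RECORD["fields"],
                             md5=hashlib.md5(modified).hexdigest(),
                             sha256=hashlib.sha256(modified).hexdigest()),
              "tag": RECORD["tag"]}
    return (verify_image(GOOD_IMAGE, RECORD, KEY),
            verify_image(modified, RECORD, KEY),
            verify_image(modified, forged, KEY))
```

In the third case every hash comparison passes because the record was rewritten to match, and only the record-authentication layer reports a failure.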