North American Network Operators Group

Re: IOS Rookit: the sky isn't falling (yet)
On May 29, 2008, at 9:37 AM, Jim Wise wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think the point here is that most (read: average) consumers don't verify the md5/sha1/gpg/pgp signatures of the binaries they run. If that was the case, we wouldn't have problems quite as bad as we do today.

It may not be possible to replace the boot ROM, because presumably the new

I agree with you here. Cisco even ships methods to do a field-upgrade of the rommon on a variety of platforms and linecards. There are numerous challenges when talking about how to prevent these types of updates.

I could imagine a case where you leverage the current 'phlashing' stuff to "brick" your router rommon so it won't boot. Once again it gets to the how do you obtain an exploit path to perform these actions on the device? I always have said physical access = "root". Perhaps the path is that oob modem?

You need to think about these things, but unless you have a mission dealing with state secrets or your corporate IP (not the protocol) guys treat everything like it is (eg: pharmaceutical companies), you're likely to not notice the router in the closet has a 2 year old bogon filter list installed.

- Jared