nanog mailing list archives

Re: [NANOG] IOS rootkits

From: Gadi Evron <ge () linuxbox org>
Date: Fri, 16 May 2008 20:19:20 -0500 (CDT)

On Fri, 16 May 2008, Paul Wall wrote:

Gadi,

Please try to keep the self-promotion to a minimum, and come back when
you have meaningful data to share with operators.

Examples would include a list of affected platforms and code
revisions, as well as preventative measures.


Name on the door, money to be sent via paypal. I will sign my playgirl 
cover for 5 USD each.

This is operational, and it is  about me saying "na na na na na, na na na 
na na na" to a discussion from two years ago. I have every intention to 
gloat, but I will keep it to a minimum.

Yes?

        Gadi.

On Fri, May 16, 2008 at 9:06 PM, Gadi Evron <ge () linuxbox org> wrote:

At the upcoming EusecWest Sebastian Muniz will apparently unveil an IOS
rootkit. skip below for the news item itself.

We've had discussions on this before, here and elsewhere. I've been
heavily attacked on the subject of considering router security as an issue
when compared to routing security.

I have a lot to say about this, looking into this threat for a
few years now and having engaged different organizations within Cisco on
the subject in the past.  Due to what I refer to as an "NDA of
honour" I will just relay the following until it is "officially" public,
then consider what should be made public, including:

1. Current defense startegies possible with Cisco gear
2. Third party defense strategies (yes, they now exist)
2. Cisco response (no names or exact quotes will likely be given)
3. A bet on when such a rootkit would be public, and who won it
(participants are.. "relevant people").

From:
http://www.networkworld.com/news/2008/051408-hacker-writes-rootkit-for-ciscos.html

"A security researcher has developed malicious rootkit software for
Cisco's routers, a development that has placed increasing scrutiny on the
routers that carry the majority of the Internet's traffic.

Sebastian Muniz, a researcher with Core Security Technologies, developed
the software, which he will unveil on May 22 at the EuSecWest conference
in London. "

       Gadi Evron.

_______________________________________________
NANOG mailing list
NANOG () nanog org
http://mailman.nanog.org/mailman/listinfo/nanog


_______________________________________________
NANOG mailing list
NANOG () nanog org
http://mailman.nanog.org/mailman/listinfo/nanog

Current thread:

[NANOG] IOS rootkits Gadi Evron (May 16)
- Re: [NANOG] IOS rootkits Paul Wall (May 16)
  - Re: [NANOG] IOS rootkits Gadi Evron (May 16)
- Re: [NANOG] IOS rootkits Dragos Ruiu (May 16)
  - Re: [NANOG] IOS rootkits Deepak Jain (May 19)
    - Re: [NANOG] IOS rootkits Buhrmaster, Gary (May 19)
    - Re: [NANOG] IOS rootkits Deepak Jain (May 19)
    - Re: [NANOG] IOS rootkits Gadi Evron (May 20)
- Re: [NANOG] IOS rootkits Tony Varriale (May 16)
- <Possible follow-ups>
- Re: [NANOG] IOS rootkits Paul Ferguson (May 16)
  - Re: [NANOG] IOS rootkits Paul Wall (May 16)
    - Re: [NANOG] IOS rootkits Matthew Moyle-Croft (May 17)
    - Re: [NANOG] IOS rootkits Simon Lockhart (May 17)

(Thread continues...)