nanog mailing list archives

Re: Synful Knock questions...


From: Michael Douglas <Michael.Douglas () IEEE org>
Date: Tue, 15 Sep 2015 14:35:44 -0400

Does anyone have a sample of a backdoored IOS image?

On Tue, Sep 15, 2015 at 2:15 PM, <eric-list () truenet com> wrote:

I'm sure most have already seen the CVE from Cisco, and I was just reading
through the documentation from FireEye:

https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html

Question is that it looks to me like they are over-writing the ospf response
for "show ip ospf timers lsa-group"?
And if that's the case I'm guessing the router would need to have ospf
enabled to be able to see the response?


Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222






