[NANOG] IOS rootkits

Gadi Evron ge at linuxbox.org
Sat May 17 01:19:20 UTC 2008


On Fri, 16 May 2008, Paul Wall wrote:
> Gadi,
>
> Please try to keep the self-promotion to a minimum, and come back when
> you have meaningful data to share with operators.
>
> Examples would include a list of affected platforms and code
> revisions, as well as preventative measures.

Name on the door, money to be sent via paypal. I will sign my playgirl 
cover for 5 USD each.

This is operational, and it is  about me saying "na na na na na, na na na 
na na na" to a discussion from two years ago. I have every intention to 
gloat, but I will keep it to a minimum.

Yes?

 	Gadi.



> On Fri, May 16, 2008 at 9:06 PM, Gadi Evron <ge at linuxbox.org> wrote:
>> At the upcoming EusecWest Sebastian Muniz will apparently unveil an IOS
>> rootkit. skip below for the news item itself.
>>
>> We've had discussions on this before, here and elsewhere. I've been
>> heavily attacked on the subject of considering router security as an issue
>> when compared to routing security.
>>
>> I have a lot to say about this, looking into this threat for a
>> few years now and having engaged different organizations within Cisco on
>> the subject in the past.  Due to what I refer to as an "NDA of
>> honour" I will just relay the following until it is "officially" public,
>> then consider what should be made public, including:
>>
>> 1. Current defense startegies possible with Cisco gear
>> 2. Third party defense strategies (yes, they now exist)
>> 2. Cisco response (no names or exact quotes will likely be given)
>> 3. A bet on when such a rootkit would be public, and who won it
>> (participants are.. "relevant people").
>>
>> From:
>> http://www.networkworld.com/news/2008/051408-hacker-writes-rootkit-for-ciscos.html
>>
>> "A security researcher has developed malicious rootkit software for
>> Cisco's routers, a development that has placed increasing scrutiny on the
>> routers that carry the majority of the Internet's traffic.
>>
>> Sebastian Muniz, a researcher with Core Security Technologies, developed
>> the software, which he will unveil on May 22 at the EuSecWest conference
>> in London. "
>>
>>        Gadi Evron.
>>
>> _______________________________________________
>> NANOG mailing list
>> NANOG at nanog.org
>> http://mailman.nanog.org/mailman/listinfo/nanog
>>
>




More information about the NANOG mailing list