[NANOG] IOS rootkits

Florian Weimer fw at deneb.enyo.de
Sat May 17 16:03:12 CDT 2008


* Joel Jaeggli:

> The existence proof of a root kit does little if anything to change how 
> one protects and secures the control plane.

| Network administrators are not able to observe Lawful Intercept is
| enabled. No Lawful Intercept program messages or error messages are ever
| displayed on the console.

<http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>

This is a Sony-style rootkit, but it certainly demonstrate that the
concept is feasible (surprise).




More information about the NANOG mailing list