[NANOG] IOS rootkits

Jack Bates jbates at brightok.net
Mon May 19 10:07:48 CDT 2008


Florian Weimer wrote:
> 
> | Network administrators are not able to observe Lawful Intercept is
> | enabled. No Lawful Intercept program messages or error messages are ever
> | displayed on the console.
> 
> <http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>
> 
> This is a Sony-style rootkit, but it certainly demonstrate that the
> concept is feasible (surprise).
> 

Eh, it's a little misleading. Every Net admin knows when Lawful Intercept is 
activated on their router. The processor utilization takes a major spike. What 
it's doing might not be known, though umm, even intercept traffic itself can be 
intercepted or redirected through portions of the network where it can be 
intercepted. ;)

Jack




More information about the NANOG mailing list