[NANOG] IOS rootkits

Jack Bates jbates at brightok.net
Mon May 19 15:07:48 UTC 2008


Florian Weimer wrote:
> 
> | Network administrators are not able to observe Lawful Intercept is
> | enabled. No Lawful Intercept program messages or error messages are ever
> | displayed on the console.
> 
> <http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>
> 
> This is a Sony-style rootkit, but it certainly demonstrates that the
> concept is feasible (surprise).
> 

Eh, it's a little misleading. Every Net admin knows when Lawful Intercept is 
activated on their router. The processor utilization takes a major spike. What 
it's doing might not be known, though umm, even intercept traffic itself can be 
intercepted or redirected through portions of the network where it can be 
intercepted. ;)

Jack



