IOS Rootkit: the sky isn't falling (yet)

michael.dillon at bt.com
Tue May 27 19:45:11 UTC 2008


> If you were an attacker, which would you go with:
> 
> 1) The brute-force attack which will require hundreds of 
> thousands of CPU-years.

In this case an attacker would definitely go with this option. Since 
they can't change most of the IOS bytes because they contain IOS and 
the exploit, they would definitely run a brute force attack on the 
remaining bytes. Granted, the chances of success are slim, but these
are people who are used to playing the odds even if they lose most 
of the time.

> 3) 'md5sum trojan_ios.bin' and cut-n-paste that into the web page.

One would hope that Cisco is taking measures to protect against that.

> You missed the point - if the *FILE* you downloaded from a 
> webpage is suspect, why do you trust the MD5sum that *the 
> same webpage* says is correct?

I wasn't thinking of any old web page but one that belongs to 
a trusted vendor and which requires some kind of authentication
before you can get to the file. In any case, the whole issue can
be bypassed using CDs or using a PGP chain of trust.

--Michael Dillon
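The out-of-band checksum point above, as an added example that is not code from this thread or from Cisco: the digest only adds assurance when the manifest arrived through a channel independent of the download (CD, PGP-signed notice, authenticated vendor portal). The `DigestManifest` type, the origin labels and the sample image bytes are all assumptions constructed for this illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample standing in for an IOS .bin image (not a real image).
SAMPLE_IMAGE = b"IOS image bytes (constructed sample, not a real image)\n"


@dataclass
class DigestManifest:
    """Expected digests plus a label for where the manifest itself came from."""
    origin: str                      # e.g. "cd-rom", "pgp-signed-notice", a download URL
    md5: Optional[str] = None        # older vendor manifests publish MD5 only
    sha256: Optional[str] = None     # preferred when available


def digests(data: bytes) -> dict:
    """Compute both digests so either an MD5-only or a SHA-256 manifest can be checked."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def verify_image(data: bytes, manifest: DigestManifest, download_origin: str) -> dict:
    """Return {"ok": bool, "reason": str} for an image against an out-of-band manifest.

    A manifest fetched from the same place as the image proves nothing, which is
    the objection raised in the thread, so that case is rejected before hashing.
    """
    if manifest.origin == download_origin:
        return {"ok": False, "reason": "manifest shares the image's origin; digest proves nothing"}
    actual = digests(data)
    # Prefer SHA-256; fall back to MD5 only when that is all the manifest carries.
    if manifest.sha256 is not None:
        if hmac.compare_digest(actual["sha256"], manifest.sha256.lower()):
            return {"ok": True, "reason": "sha256 matches out-of-band manifest"}
        return {"ok": False, "reason": "sha256 mismatch: image altered or manifest wrong"}
    if manifest.md5 is not None:
        if hmac.compare_digest(actual["md5"], manifest.md5.lower()):
            return {"ok": True, "reason": "md5 matches out-of-band manifest (MD5 only, weaker assurance)"}
        return {"ok": False, "reason": "md5 mismatch: image altered or manifest wrong"}
    return {"ok": False, "reason": "manifest carries no digest"}


if __name__ == "__main__":
    good = DigestManifest(origin="cd-rom", sha256=digests(SAMPLE_IMAGE)["sha256"])
    print(verify_image(SAMPLE_IMAGE, good, "https://vendor.example/download"))
    print(verify_image(SAMPLE_IMAGE + b"\x00", good, "https://vendor.example/download"))
```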

More information about the NANOG mailing list