IOS Rookit: the sky isn't falling (yet)

Gadi Evron ge at linuxbox.org
Thu May 29 04:20:48 UTC 2008


On Thu, 29 May 2008, Steven M. Bellovin wrote:
> On Wed, 28 May 2008 10:37:05 +0100
> <michael.dillon at bt.com> wrote:
>
>>> So let's see - if you had a billion CPUs in your botnet, and
>>> each one could go at a billion to the second, you still need
>>> 2**69 seconds or 449,235,776,528,695 years.  Not bad - only
>>> 10,000 times the amount of time this planet has been around,
>>> so yeah, that's the way they'll attack all right.
>>
>> I didn't say that. I said that they are starting with an IOS image
>> in which there are some small number of bytes which they can possibly
>> change and still have a functional image. So it is likely that they
>> will brute force that by computing an MD5 hash on all variations of
>> those few bytes. It's like winning the lottery, you only *NEED* to
>> buy one ticket. No matter how slim the chances are of bad guys winning
>> that lottery, it is no excuse for ignoring the possibility that an
>> MD5 hash check may not be proof that you have an original image.
>>
> Did you even look at Valdis' arithmetic?  It *won't work*.  It isn't
> "likely" that they'll try anything with that low a chance of success.
> As for "no matter how slim the chances" -- if you want to have even a
> vague chance of succeeding before Sol turns into a red giant, you're
> going to have to devote enormous resources to the project.  (Actually,
> I don't think you can succeed even then, not by brute force -- there
> aren't a "small number of bytes" that can be changed, you can introduce
> "random" "typographical" errors in error messages for the SNA stack or
> some such, and if you're doing a brute force pre-image attack on MD5 any
> bit is as good as any other.)  Let's put it purely in economic terms:
> which is a better way to invest your effort, building a machine (or
> botnet) with many billions of processors and still having no plausible
> chance of winning, or -- as you yourself suggest -- getting the HVAC
> contract for the data center.  Or putting back doors in the chips.  Or
> bribing or blackmailing coders.  Or breaking into the vault where Cisco
> keeps its master RSA key.  Or funding a vast research effort on
> cracking MD5 before it's replaced by SHA-512.  Or *something* even
> vaguely sane, because brute-forcing MD5 isn't physically possible.

I don't understand how this disucssion got to breaking MD5 to begin with? 
The whole point was that the results will be manipulated due to the 
rootkit messing with the test, no?

 	Gadi.

>
> 		--Steve Bellovin, http://www.cs.columbia.edu/~smb
>




More information about the NANOG mailing list