[NANOG] IOS rootkits

Gadi Evron ge at linuxbox.org
Fri May 16 20:06:29 CDT 2008

At the upcoming EusecWest Sebastian Muniz will apparently unveil an IOS 
rootkit. skip below for the news item itself.

We've had discussions on this before, here and elsewhere. I've been 
heavily attacked on the subject of considering router security as an issue 
when compared to routing security.

I have a lot to say about this, looking into this threat for a 
few years now and having engaged different organizations within Cisco on 
the subject in the past.  Due to what I refer to as an "NDA of 
honour" I will just relay the following until it is "officially" public, 
then consider what should be made public, including:

1. Current defense startegies possible with Cisco gear
2. Third party defense strategies (yes, they now exist)
2. Cisco response (no names or exact quotes will likely be given)
3. A bet on when such a rootkit would be public, and who won it 
(participants are.. "relevant people").


"A security researcher has developed malicious rootkit software for 
Cisco's routers, a development that has placed increasing scrutiny on the 
routers that carry the majority of the Internet's traffic.

Sebastian Muniz, a researcher with Core Security Technologies, developed 
the software, which he will unveil on May 22 at the EuSecWest conference 
in London. "

 	Gadi Evron.

More information about the NANOG mailing list