[NANOG] IOS rootkits

michael.dillon at bt.com
Sat May 17 21:45:10 UTC 2008


> The question isn't IF routers have security vulnerabilities,
> but whether Gadi has an example he can demonstrate now of 
> installing a root kit on an IOS router NOW or not.

That's not really the question.

In fact, there are two questions. First, are routers really
embedded devices running a software operating system? Secondly,
whom can you trust in regards to the security of your routers?

On the first question, I don't think anyone will argue that
routers are not capable of being compromised by software. Some
may argue that compromising the software from the public Internet
is virtually impossible and statistically unlikely, but most
organizations now realize that hard shell security is a fantasy.
The real danger is an insider who has enable on the router and
who takes money to install a trojan, or the reseller who sells
you a router with trojans already installed. Let's face it,
if the NSA now believes there is a serious risk of counterfeit
hardware that has been modified to contain hardware trojans,
then the much easier to achieve software trojans should be 
a greater risk, and therefore worthy of attention.

But the second question is the more interesting one in the
context of NANOG. Can we trust Gadi? Can we trust the people
who pop up and try to smear Gadi in some way? I haven't a
clear answer here except to say that Gadi is a well-known
person whose biases and possible motives (consultancy work)
are well known. The same thing could be said about Cisco or
Microsoft, and this may make Gadi (or Cisco) more trustable
about some things and less trustable about others. But everybody
on this list deals with certainties like this every day.

It's the people who pop up and smear Gadi that I really wonder
about. There seems to be no good reason for this, unless possibly
they are blackhats of some sort. I remember a few years ago
when William Leibzon posted about his work which eventually
became completewhois.com and several blackhats popped up and
tried to smear him. So when people attack Gadi or anyone else
with no substantive facts to justify those attacks, I always
assume that they are part of the criminal gangs who drive network
abuse in the 21st century. Of course they may just be harmless
fools who think that they will become better network operators 
if they can become part of the in group. Who knows...

Personally, I am not particularly disturbed that security vulnerabilities
are announced with few substantive details. That's just the way things
are normally done in the real world.

--Michael Dillon
