[NANOG] IOS rootkits
jbates at brightok.net
Mon May 19 10:07:48 CDT 2008
Florian Weimer wrote:
> | Network administrators are not able to observe Lawful Intercept is
> | enabled. No Lawful Intercept program messages or error messages are ever
> | displayed on the console.
> This is a Sony-style rootkit, but it certainly demonstrate that the
> concept is feasible (surprise).
Eh, it's a little misleading. Every Net admin knows when Lawful Intercept is
activated on their router. The processor utilization takes a major spike. What
it's doing might not be known, though umm, even intercept traffic itself can be
intercepted or redirected through portions of the network where it can be
More information about the NANOG