IOS Rookit: the sky isn't falling (yet)

Jared Mauch jared at
Tue May 27 10:41:17 CDT 2008

On May 27, 2008, at 8:42 AM, Alexander Harrowell wrote:

>> An alternative rootkit ? Privilege level 16 used by the Lawful  
>> Intercept
>> [12] feature could be abused to do some of this too. Or the other way
>> around: use a "patched" IOS to keep an eye on Law Enforcement's  
>> >operations
> on the router as privilege level 15 doesn't allow it and the only
>> alternative is to sniff the traffic export.
> The combination of rootkits and specially privileged Lawful Intercept
> functions is a very dangerous one. This was precisely what was  
> exploited in
> the now-legendary and still unsolved Vodafone Greece hack.

Perhaps the above should be simplified.

Running a hacked/modded IOS version is a dangerous prospect.

This seems like such a non-event because what is the exploit path to  
load the image? There needs to be a primary exploit to load the  
malware image.


- Jared

More information about the NANOG mailing list