IOS Rootkit: the sky isn't falling (yet)

Valdis.Kletnieks
Tue May 27 11:57:17 CDT 2008

On Tue, 27 May 2008 11:02:32 CDT, Gadi Evron said:
> On Tue, 27 May 2008, Jared Mauch wrote:
> > *yawn*
> I guess we will wait for the next one before waking up, then.

No Gadi.  What Jared is saying is that there are exactly *ZERO* routers
(for some infinitesimally small value of zero) that will get rootkitted
that weren't *already* vulnerable to the stuff that Lynn talked about
three years ago.

There's basically 2 classes of Cisco routers out there:

1) Ones managed by Jared and similarly clued people, who can quite rightfully
yawn because the specter of "IOS rootkits" changes nothing in their actual
threat model - they put stuff in place 3 years ago to mitigate "Lynn-style IOS
pwnage", and it will stop this just as well.  Move along, nothing to see.

2) Ones managed by unclued people.  And quite frankly, if Lynn didn't wake
them up 3 years ago, this isn't going to wake them up either.  Move along,
nothing new to see here either.

"60% of routers run by bozos who shouldn't have enable. Film at 11".



More information about the NANOG mailing list