NSA able to compromise Cisco, Juniper, Huawei switches

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Dec 31 18:58:23 UTC 2013


On Mon, 30 Dec 2013 19:38:12 -0800, Sabri Berisha said:
> However, attempting any of the limited attacks that I can think of would
> require expert-level knowledge of not just the overall architecture, but also
> of the microcode that runs on the specific PFE that the attacker would target,

Already solved problem, from back in the Internet Stone Age.

I remember seeing an exploit that asked you whether the target was
SunOS 3.2, patch 1, 2, or 3, and launched the correct attack for each. And
I can think of a lot of different ways to make the router cough up the
needed info (or you can just brute-force loop over all the options till
one works - leave the vendor support guy wondering why that line card
rebooted 5 times in an hour and then suddenly became rock solid again :)

