Synful Knock questions...
Michael Douglas
Michael.Douglas at IEEE.org
Tue Sep 15 18:35:44 UTC 2015
Does anyone have a sample of a backdoored IOS image?
On Tue, Sep 15, 2015 at 2:15 PM, <eric-list at truenet.com> wrote:
> I'm sure most have already seen the CVE from Cisco, and I was just reading
> through the documentation from FireEye:
>
> https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.htm
> l
>
> Question is that it looks to me like they are over-writing the ospf
> response
> for "show ip ospf timers lsa-group"?
> And if that's the case I'm guessing the router would need to have ospf
> enabled to be able to see the response?
>
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
> F: 610-429-3222
>
>
>
>
>
More information about the NANOG
mailing list