Re: IOS Rookit: the sky isn't falling (yet)

North American Network Operators Group

Re: IOS Rookit: the sky isn't falling (yet)

From: Jared Mauch
Date: Tue May 27 11:41:30 2008

List-archive: <http://mailman.nanog.org/pipermail/nanog>
List-help: <mailto:nanog-request@nanog.org?subject=help>
List-id: North American Network Operators Group <nanog.nanog.org>
List-post: <mailto:nanog@nanog.org>
List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:nanog-request@nanog.org?subject=subscribe>
List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:nanog-request@nanog.org?subject=unsubscribe>

On May 27, 2008, at 8:42 AM, Alexander Harrowell wrote:

An alternative rootkit ? Privilege level 16 used by the Lawful Intercept [12] feature could be abused to do some of this too. Or the other way around: use a "patched" IOS to keep an eye on Law Enforcement's >operations
on the router as privilege level 15 doesn't allow it and the only
alternative is to sniff the traffic export.
The combination of rootkits and specially privileged Lawful Intercept functions is a very dangerous one. This was precisely what was exploited in the now-legendary and still unsolved Vodafone Greece hack.

Perhaps the above should be simplified.

Running a hacked/modded IOS version is a dangerous prospect.

This seems like such a non-event because what is the exploit path to load the image? There needs to be a primary exploit to load the malware image.

*yawn*

- Jared

Follow-Ups:
- RE: IOS Rookit: the sky isn't falling (yet) michael.dillon
- Re: IOS Rookit: the sky isn't falling (yet) Gadi Evron

References:
- IOS Rookit: the sky isn't falling (yet) Nicolas FISCHBACH
- Re: IOS Rookit: the sky isn't falling (yet) Alexander Harrowell

Prev by Date: Re: amazonaws.com?
Next by Date: Re: outages mailing list is back online!
Date Index
Thread Index
Author Index
Historical