North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IOS Rookit: the sky isn't falling (yet)

  • From: Steven M. Bellovin
  • Date: Thu May 29 00:15:00 2008

On Wed, 28 May 2008 10:37:05 +0100
<michael.dillon@xxxxxx> wrote:

> > So let's see - if you had a billion CPUs in your botnet, and 
> > each one could go at a billion to the second, you still need 
> > 2**69 seconds or 449,235,776,528,695 years.  Not bad - only 
> > 10,000 times the amount of time this planet has been around, 
> > so yeah, that's the way they'll attack all right.
> 
> I didn't say that. I said that they are starting with an IOS image
> in which there are some small number of bytes which they can possibly
> change and still have a functional image. So it is likely that they
> will brute force that by computing an MD5 hash on all variations of
> those few bytes. It's like winning the lottery, you only *NEED* to
> buy one ticket. No matter how slim the chances are of bad guys winning
> that lottery, it is no excuse for ignoring the possibility that an
> MD5 hash check may not be proof that you have an original image.
> 
Did you even look at Valdis' arithmetic?  It *won't work*.  It isn't
"likely" that they'll try anything with that low a chance of success.
As for "no matter how slim the chances" -- if you want to have even a
vague chance of succeeding before Sol turns into a red giant, you're
going to have to devote enormous resources to the project.  (Actually,
I don't think you can succeed even then, not by brute force -- there
aren't a "small number of bytes" that can be changed, you can introduce
"random" "typographical" errors in error messages for the SNA stack or
some such, and if you're doing a brute force pre-image attack on MD5 any
bit is as good as any other.)  Let's put it purely in economic terms:
which is a better way to invest your effort, building a machine (or
botnet) with many billions of processors and still having no plausible
chance of winning, or -- as you yourself suggest -- getting the HVAC
contract for the data center.  Or putting back doors in the chips.  Or
bribing or blackmailing coders.  Or breaking into the vault where Cisco
keeps its master RSA key.  Or funding a vast research effort on
cracking MD5 before it's replaced by SHA-512.  Or *something* even
vaguely sane, because brute-forcing MD5 isn't physically possible.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb