15 Sep
2015
15 Sep
'15
2:35 p.m.
Does anyone have a sample of a backdoored IOS image? On Tue, Sep 15, 2015 at 2:15 PM, <eric-list@truenet.com> wrote:
I'm sure most have already seen the CVE from Cisco, and I was just reading through the documentation from FireEye:
https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.htm l
Question is that it looks to me like they are over-writing the ospf response for "show ip ospf timers lsa-group"? And if that's the case I'm guessing the router would need to have ospf enabled to be able to see the response?
Sincerely,
Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222