On Tue, May 27, 2008 at 11:13 AM, Adrian Chadd <adrian@creative.net.au> wrote:
> Bloody network people, always assuming their network security stops at their router.
> So now that someone's done the hard lifting to backdoor an IOS binary, and I'm assuming you all either upgrade by downloading from the cisco.com website or maintain a set of your own images somewhere, all one needs to do is insert themselves into -that- path and you're screwed.
> Hijacking prefixes isn't hard. That was presented at the same security conference.
> Cracking a UNIX/Windows management/FTP/TFTP host isn't impossible - how many large networks have their server infrastructure run by different people to their network infrastructure? Lots and lots? :)
> Sure, it's not all fire and brimstone, but the bar -was- dropped a little, and somehow you need to make sure that the IOS that's sitting on your network management site is indeed the IOS that you put there in the first place.
Like MD5 File Validation? - "MD5 values are now made available on Cisco.com for all Cisco IOS software images for comparison against local system image values." ~Chris
> Adrian
-- 
Chris Grundemann
www.linkedin.com/in/cgrundemann
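A defender-side version of the check Chris points to, added here as an example and not taken from the thread or from any Cisco tooling: compare staged images on the management host against the MD5 values published on Cisco.com before they are pushed to routers. The manifest layout, file names and the hash used in the comments are constructed placeholders.

```shell
#!/bin/sh
# Constructed example: verify staged IOS images against reference MD5 values.
# Reference hashes must come from a path independent of the image mirror
# (e.g. read from Cisco.com over HTTPS), otherwise a mirror that was tampered
# with could serve matching bogus hashes alongside bogus images.

# Print the MD5 of a file; works with coreutils md5sum or, failing that, openssl.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl md5 -r "$1" | awk '{print $1}'
    fi
}

# verify_image FILE EXPECTED_MD5
# Returns 0 on match, 1 on mismatch, 2 if the file is missing.
# Hex case is normalised so values copied from a web page compare correctly.
verify_image() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 2; }
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file (expected $expected, got $actual)" >&2
    return 1
}

# verify_manifest MANIFEST
# Each manifest line is "<md5>  <path>" (the layout md5sum -c accepts; a
# leading '*' before the path is tolerated). Every image is checked so the
# report is complete, but a single bad or missing image fails the whole run.
verify_manifest() {
    rc=0
    while read -r sum name; do
        [ -n "$sum" ] || continue          # skip blank lines
        name=${name#\*}
        verify_image "$name" "$sum" || rc=1
    done < "$1"
    return $rc
}

# Usage (placeholder path): verify_manifest /srv/ios-images/MD5SUMS
```

MD5 is no longer collision resistant, so a matching value shows the file is the one the publisher listed, not that the listed file is free of defects; treat it as an integrity check on the distribution path, which is exactly the path Adrian is worried about.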