http://www.gcn.com/online/vol1_no1/46352-1.html
By Joab Jackson
GCN.com
05/27/08
A security researcher has demonstrated how to install a rootkit on Cisco
routers through the router's Internetwork Operating System (IOS).
Core Security's Sebastian Muniz demonstrated [1] the rootkit last week
at the E.U. Security West Conference in London.
Rootkits are nothing new for desktop PCs, but thus far none had been
successfully written for network routers. In an alert [3] issued earlier
in the month, Cisco acknowledged Muniz's work but also stated that the
company had not seen any exploit code in the wild that uses the
technique. The advisory also instructed administrators how to protect
against such a theoretical attack.
Muniz has not posted his presentation notes yet, though according to an
account posted on the mailing list for the North American Network
Operators Group [3], Muniz's approach involves making and downloading an
image of the operating IOS, altering the portion dealing with log-in
passwords, and then uploading the altered image onto the flash memory of
the router.
Although Muniz used the Cisco operating system, the approach could also
be used for routers from other companies, he said in an interview on the
conference Web site [4].
[1] http://www.eusecwest.com/sebastian-muniz-da-ios-rootkit.html
[2] http://www.cisco.com/warp/public/707/cisco-sr-20080516-rootkits.shtml
[3] http://www.merit.edu/mail.archives/nanog/msg08393.html
[4] http://eusecwest.com/sebastian-muniz-da-ios-rootkit.html
Received on Wed May 28 02:14:01 2008