[c-nsp] Worst case: Compromised Internet router?

Scott Keoseyan scott at labyrinth.org
Sat Apr 25 19:26:25 EDT 2009


Worst-case is a lot worse than simply crashing the router.  Have a  
look at:

http://www.phenoelit-us.org/stuff/FX_Phenoelit_25c3_Cisco_IOS.pdf

http://hsdailywire.com/single.php?id=6728


Scott

On Apr 25, 2009, at 6:31 PM, Jared Mauch wrote:

> What if they set up lawful intercept on the device? That could relay  
> all your packets without visible configuration, or just the  
> "interesting" ones.
>
> As with any device, ensuring the integrity of both its configuration  
> and the image it is running is important. I suggest rancid or  
> something else to help audit these items.
>
> Jared Mauch
>
> On Apr 25, 2009, at 6:01 PM, ChrisSerafin <chris at chrisserafin.com>  
> wrote:
>
>> So I'm trying to lock down an Internet router and I had a few  
>> thoughts pop in my head...of what is the worst thing that could  
>> happen, other than someone bricking the device and locking legit  
>> users out of the router? Here are some questions I thought  
>> of.....let me know what you think....
>>
>>  * If the device doesn't have any private IPs on it....I can't
>>    create a remote VPN client connection to it and then login to the
>>    network. How could I capture/sniff traffic to a .pcap in this
>>    scenario? I would like to do this besides redirecting traffic over
>>    GRE tunnels to a different router I have, just to sniff.....this
>>    scenario sounds good, but I assume would interrupt traffic to the
>>    point I would notice it and take action in a 24/7 NOC
>>
>> Thanks.....
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
Scott A. Keoseyan
+17047711656
Homepage - http://www.labyrinth.org/homepages/scott
Blog - http://www.labyrinth.org/wp1
PGP Key - http://www.labyrinth.org/homepages/scott/pgp.html