[c-nsp] Obtaining MD signature
Gert Doering
gert at greenie.muc.de
Sat May 8 04:40:51 EDT 2010
Hi,
On Fri, May 07, 2010 at 08:17:15PM -0700, Judah Scott wrote:
> But, I don't think you can compare enabling features (possibly as
> simple as changing a couple je ops to jmp ops or a couple bytes
> here/there) to writing a whole block of IOS assembly code to
> facilitate a backdoor ...
>
> ... but, uh oh, my ignorance is showing again ;-).
A simple backdoor should be fairly trivial to implement... "don't do
password checking on telnet/ssh if the source address is X". This is
just a few lines of code...
(Yes, this assumes that the router is reachable via telnet/ssh, but
not all networks have proper infrastructure ACLs and vty ACLs in place)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20100508/7146deed/attachment.bin>
More information about the cisco-nsp
mailing list