HELLFIRE
MVM
join:2009-11-25

NSA backdoors into PIX/ASA and others...

So the NSA claims to have PERSISTENT backdoors not only on the entire PIX and ASA (non-X) line apparently... but Juniper, Huawei, and 802.11.

** Emp. mine.

Was kind of curious:

a) Did anyone else hear about this?

b) Did anyone here experience any (direct) fallout from this? e.g. client dropping a purchase of a particular affected model.

c) Has anyone heard anything new about it since January of this year? Tried knocking around Cisco's main page and they're surprisingly quiet about it.

Regards
cramer
Premium Member
join:2007-04-10
Raleigh, NC

It's an IMPLANT, which means it's code embedded into the device by some other means (i.e. exploitable coding mistake.) Nothing about JETPLOW suggests it's a backdoor already in the released code.
aryoba
MVM
join:2002-08-22

aryoba to HELLFIRE

This is, I think, one of those topics "security people" like to buzz on without valid details. For instance, whether it is possible to hack a firewall remotely from an untrusted IP address where the firewall access is already locked down to specific IP addresses. Until those security people can actually produce valid technical proof, keep building your security perimeter based on "field-proven" best practices.

My 2c
meta
join:2004-12-27
00000

meta to HELLFIRE

Member

ASA's (and IOS-XE and NXOS and ACE's etc) are x86 boxes running Linux at the control plane. If you can trojan a Linux box and install a rootkit, you can trojan an ASA in theory. Gaining initial access is the trick and no mention was made of a remote root exploit for the ASA or any other Cisco embedded Linux environment. You CAN drop to a root shell on most of those platforms (I have done it on XR, XE, NXOS, ACE with the help of TAC to fix an issue, usually the filesystem etc.) providing you had the right tools and a priv15 shell. Honestly it would probably be easier to spear phish a known network engineer (search LinkedIn) at a given company, get their creds (we are generally a lazy bunch regarding security) and log in to the SwiOuterWallBalancer.
HELLFIRE
MVM
join:2009-11-25

Well found out what Cisco's stance was with this PSIRT... last updated Mar 13 2014.

Also looks like Juniper has an equivalent as well

My intent of posting this was NOT to do a Chicken Little impression... and the amount of information as to HOW the NSA was able to achieve this technically so as to claim they are able to "backdoor" this equipment you can fit into an electron shell, far as I'm concerned.

Mostly I wanted to get peoples' input on the 3 questions I'd posed before...

Regards

caedmon
@qwest.net

caedmon to meta

Anon

Actually IOS-XE boxes are ppc, mips and x86 based. The original box was ppc based. Next came the x86 and later the mips boxes. Same SW on all of them.
aryoba
MVM
join:2002-08-22

aryoba to HELLFIRE

This is where Arista has been different from other network vendors, in that you can implement your own UNIX scripts on the Arista switches to make your own CLI commands. Arista even suggests end users do so, since their philosophy is an open-source box. In other words, please do hack Arista devices.

Arista could probably afford such thinking since their products are just switches; no firewalls.