said by cramer:A lot of Cisco's hardware has read-only ROMMON, with an upgrade area. They'd have to open the case to change the read-only section, and that's soldered to the board these days.
As I recalled, there was
priv ROMMON command that will let you enter the privilege (R/W) mode. Though Cisco website does not have anything details of what privilege ROMMON mode can do, I'm sure hackers with assembly language background can figure things out
said by cramer:Monitoring won't catch anything if the device is the edge of your network. How many people have T1 or T3 sniffers? (very few, and they never get left in a single spot.)
Due to this NSA hack incident, perhaps people should start to monitor their edge devices
said by cramer:A hardware alteration would go unnoticed in 99.9% of cases, as few people open the device when it arrives. Do you crack the case of every router and switch going through your multi-national corporation?
I personally have habits to crack open any new hardware coming in, especially those I have never dealt with; just to see what it is that is under the hood. Perhaps this habit has to start as procedure due to this hack incident