Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-02 Thread Eugeniu Patrascu
On Thu, Jan 2, 2014 at 10:01 AM, Saku Ytti wrote: > On (2014-01-01 23:51 +0200), Eugeniu Patrascu wrote: > > > > Is this legal? Can NSA walk in to US based company and legally coerce > to > > > install such backdoor? If not, what is the incentive for private > company to > > > cooperate? > > > >

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-02 Thread Saku Ytti
On (2014-01-01 23:51 +0200), Eugeniu Patrascu wrote: > > Is this legal? Can NSA walk in to US based company and legally coerce to > > install such backdoor? If not, what is the incentive for private company to > > cooperate? > > > > As you might have seen from the beginning of time, people in pow

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-01 Thread Eugeniu Patrascu
On Wed, Jan 1, 2014 at 11:55 AM, Saku Ytti wrote: > On (2013-12-31 23:04 +), Warren Bailey wrote: > > > that RSA had a check cut for their participation (sell outs..), would it > > be out of the realm of possibility cisco knowingly placed this into their > > product line? And would it be thei

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-01 Thread Jimmy Hess
On Wed, Jan 1, 2014 at 3:55 AM, Saku Ytti wrote: > Is this legal? Can NSA walk in to US based company and legally coerce to > install such backdoor? If not, what is the incentive for private company to > cooperate? > As evidenced by "Lavabit"; apparently, one thing that they CAN do is issue an

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-01 Thread Valdis . Kletnieks
On Wed, 01 Jan 2014 11:55:37 +0200, Saku Ytti said: > Is this legal? Can NSA walk in to US based company and legally coerce to > install such backdoor? Well, legal or not... we will probably never know exactly what was said, but apparently the NSA was able to convince/coerce many of the 800 pound

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-01 Thread Randy Bush
Warren Bailey > I find it insanely difficult to believe cisco systems has a backdoor > into some of their product lines with no knowledge or participation. actually, i suspect a mix of both, the usg encouraging calea gone bad (while committing to bad-mouth huawei), and the TAO crew developing ser

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-01 Thread Marco Teixeira
Thank you Randy for pointing that out. However take into account the NANOG list is moderated, and my comment was delayed for moderation. I was commenting on posts about trivial things, before that nice post with nice codenames. A good year to all. May this be a smoother year to you all that have s

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-01 Thread Brandon Butterworth
> If legal, consider risk to NSA. Official product ran inside company to add > requested feature, hundreds of people aware of it. Seems both expensive to > order such feature and almost guaranteed to be exposed by some of the > employees. > > Alternative method is to presume all software is insecur

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-01 Thread Saku Ytti
On (2013-12-31 23:04 +), Warren Bailey wrote: > that RSA had a check cut for their participation (sell outs..), would it > be out of the realm of possibility cisco knowingly placed this into their > product line? And would it be their mistake to come out with a “we had no > idea!” rather than

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Warren Bailey
China. ;) lol Sent from my Mobile Device. Original message From: Paul Ferguson Date: 12/31/2013 4:13 PM (GMT-08:00) To: nanog@nanog.org Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches On 12/31/2013 4:02 PM

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Paul Ferguson
On 12/31/2013 4:02 PM, Florian Weimer wrote: > * Warren Bailey: > >> Explaining, not a denial written by their legal department. I find it >> insanely difficult to believe cisco systems has a backdoor into some of >> their product lines with no knowl

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Florian Weimer
* Warren Bailey: > Explaining, not a denial written by their legal department. I find it > insanely difficult to believe cisco systems has a backdoor into some of > their product lines with no knowledge or participation. As far as I understand it, these are firmware tweaks or implants sitting on

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Warren Bailey
Explaining, not a denial written by their legal department. I find it insanely difficult to believe cisco systems has a backdoor into some of their product lines with no knowledge or participation. Given the fact that RSA had a check cut for their participation (sell outs..), would it be out of the

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Paul Ferguson
On 12/31/2013 12:33 PM, sth...@nethelp.no wrote: >> The best response I've seen to all this hype and I completely agree with >> Scott: >> >> "Do ya think that you wouldn't also notice a drastic increase in >> outbound traffic to begin with? It's fun

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread sthaug
> The best response I've seen to all this hype and I completely agree with > Scott: > > "Do ya think that you wouldn't also notice a drastic increase in outbound > traffic to begin with? It's fun to watch all the hype and things like > that, but to truly sit down and think about what it would act

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Randy Bush
>> it's weasel words (excuse the idiom). shoveling kitty litter over a >> big steaming pile. > Clayton is responding to the ability that he's allowed, and he's using > words very precisely. qed

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Dobbins, Roland
On Jan 1, 2014, at 2:34 AM, Jonathan Greenwood II wrote: > The best response I've seen to all this hype and I completely agree with > Scott: > > "Do ya think that you wouldn't also notice a drastic increase in outbound > traffic to begin with? It's fun to watch all the hype and things like >

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Florian Weimer
* Randy Bush: >> There's a limit to what can reasonably be called a *product* >> vulnerability. > > right. if the product was wearing a low-cut blouse and a short skirt, > it's not. Uh-oh, is this an attempt at an argument based on a "blame the victim" rape analogy?

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Dobbins, Roland
On Jan 1, 2014, at 2:16 AM, Warren Bailey wrote: > Randy is right here.. Cisco has some 'splainin to do - we buy these devices > as "security appliances", not NSA rootkit gateways

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Jonathan Greenwood II
The best response I've seen to all this hype and I completely agree with Scott: "Do ya think that you wouldn't also notice a drastic increase in outbound traffic to begin with? It's fun to watch all the hype and things like that, but to truly sit down and think about what it would actually take t

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Dobbins, Roland
On Jan 1, 2014, at 2:07 AM, Randy Bush wrote: > it's weasel words (excuse the idiom). shoveling kitty litter over a big > steaming pile. Clayton is responding to the ability that he's allowed, and he's using words very precisely. Here's Cisco's official responses, so far.

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Warren Bailey
+1 NSA states very clearly this is baked in and "widely deployed". Either Cisco is not very happy with their government overlords today, or they are having long meetings at those oversized conference tables trying to figure out what to tell everyone. I'm curious about the implications to the US Do

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Randy Bush
> There's a limit to what can reasonably be called a *product* > vulnerability. right. if the product was wearing a low-cut blouse and a short skirt, it's not. it's weasel words (excuse the idiom). shoveling kitty litter over a big steaming pile. let me insert a second advert for jake's 30c3 p

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Valdis . Kletnieks
On Mon, 30 Dec 2013 19:38:12 -0800, Sabri Berisha said: > However, attempting any of the limited attacks that I can think of would > require expert-level knowledge of not just the overall architecture, but also > of the microcode that runs on the specific PFE that the attacker would target, Alread

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Chris Boyd
On Dec 31, 2013, at 7:05 AM, Ray Soucy wrote: > I think there needs to be some clarification on how these tools get used, > how often they're used, and if they're ever cleaned up when no longer part > of an active operation. Of course we'll never get that. But that's exactly what we need. Look

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Saku Ytti
On (2013-12-31 18:49 +0100), Enno Rey wrote: > some approaches were discussed in 2010, by Graeme Neilson from NZ here: > > https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf > > a later year, at the same conference, he gave a private session de

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Florian Weimer
* Randy Bush: >> Clay Kossmeyer here from the Cisco PSIRT. > > shoveling kitty litter as fast as you can, eh? > >> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel > > "The article does not discuss or disclose any Cisco product vulnerabilities." >

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Jared Mauch
On Dec 31, 2013, at 12:49 PM, Enno Rey wrote: > Hi, > > some approaches were discussed in 2010, by Graeme Neilson from NZ here: > > https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf > > a later year, at the same conference, he gave a privat

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Enno Rey
Hi, some approaches were discussed in 2010, by Graeme Neilson from NZ here: https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf a later year, at the same conference, he gave a private session demonstrating basically the same stuff for JunOS, as

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Saku Ytti
On (2013-12-31 16:22 +0100), na...@mitteilung.com wrote: > Since some weeks all my cisco / juniper equipment was replaced with open > source solutions (sometimes with embedded devices) and that works fine. > Google as search engine and Facebook accounts are deleted and some more > things. Cloud so

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Jared Mauch
On Dec 31, 2013, at 11:50 AM, Saku Ytti wrote: > I asked earlier today JTAC (#2013-1231-0033) and JTAC asked SIRT for tool to > read BIOS and output SHA2 or SHA3 hash, and such tool does not exist yet. I'm > dubious, it might be possible even with existing tools. At least it's possible > to ref

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Saku Ytti
On (2013-12-31 09:03 -0600), Leo Bicknell wrote: > If I were Cisco/Juniper/et al. I would have a team working on this right now. > It should be trivial for them to insert code into the routers that say, > hashes all sorts of things (code image, BIOS, any PROMs and EEPROMs and > such on the lineca

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread na...@mitteilung.com
Since some weeks all my cisco / juniper equipment was replaced with open source solutions (sometimes with embedded devices) and that works fine. Google as search engine and Facebook accounts are deleted and some more things. Cloud solutions outside europe now are forbidden for me. Thank you NSA & C

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Leo Bicknell
On Dec 31, 2013, at 8:32 AM, Saku Ytti wrote: > I'm going to wait calmly for some of the examples being recovered from the > field, documented and analysed. If I were Cisco/Juniper/et al. I would have a team working on this right now. It should be trivial for them to insert code into the router

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Saku Ytti
On (2013-12-31 14:45 +0100), sth...@nethelp.no wrote: > > This whole backdoor business is a very, very, dangerous game. > > It *is* a big deal. And if you want to get even more scared, listen to > Jacob Appelbaum's talk at the CCC here: I'm going to wait calmly for some of the examples being rec

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread sthaug
> I think there needs to be some clarification on how these tools get used, > how often they're used, and if they're ever cleaned up when no longer part > of an active operation. Of course we'll never get that. Highly unlikely, I'd say. > The amount of apologists with the attitude "this isn't a

RE : Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Michael Hallgren
Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches I think there needs to be some clarification on how these tools get used, how often they're used, and if they're ever cleaned up when no longer part of an active operation. Of course we'll neve

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread shawn wilson
On Tue, Dec 31, 2013 at 8:05 AM, Ray Soucy wrote: > This whole backdoor business is a very, very, dangerous game. While I agree with this (and the issues brought up with NSA's NIST approved PRNG that RSA used). If I were in their shoes, I would have been collecting every bit of data I could (ie,

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Ray Soucy
I think there needs to be some clarification on how these tools get used, how often they're used, and if they're ever cleaned up when no longer part of an active operation. Of course we'll never get that. The amount of apologists with the attitude "this isn't a big deal, nothing to see here, the

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Eugeniu Patrascu
On Tue, Dec 31, 2013 at 5:38 AM, Sabri Berisha wrote: > Hi Roland. > > > I don't know much about Juniper > > gear, but it appears that the Juniper boxes listed are similar in nature, > > albeit running FreeBSD underneath (correction welcome). > > With most Juniper gear, it is actually quite diffic

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Blair Trosper
To supplement and amend what I said: These are the KINDS of things we want the NSA to do; however, the institutional oversight necessary to make sure it's Constitutional, warranted, and kept "in bounds" is woefully lacking (if any exists at all). Even FISA is unsatisfactory. At any rate, I agree

RE: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Keith Medcalf
>We're all getting far too conditioned for the "click OK to proceed" >overload, and the sources aren't helping. If one embarks with deliberation upon a course of action which may entertain certain results then the intent to cause the result so obtained is, by implication, proved.

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Jimmy Hess
On Mon, Dec 30, 2013 at 10:41 PM, Blair Trosper wrote: > I'm torn on this. On one hand, it seems sinister. On the other, it's not > only what the NSA is tasked with doing, but it's what you'd EXPECT them to > be doing in the role as the NSA. > [snip] The NSA's role is not supposed to include su

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Jeff Kell
On 12/30/2013 11:06 PM, [AP] NANOG wrote: > As I was going through reading all these replies, the one thing that > continued to poke at me was the requirement of the signed binaries and > microcode. The same goes for many of the Cisco binaries, without direct > assistance, which is unclear at this

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Blair Trosper
I'm torn on this. On one hand, it seems sinister. On the other, it's not only what the NSA is tasked with doing, but it's what you'd EXPECT them to be doing in the role as the NSA. I'm not saying it's right or wrong...it creeps me out a little, though...but these are the kinds of things we have

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread [AP] NANOG
Roland, I did fail to mention the HUMINT (Human Intelligence) side of things, thank you for bringing that up! -- Thank you, Robert Miller http://www.armoredpackets.com Twitter: @arch3angel On 12/30/13, 11:33 PM, Dobbins, Roland wrote: > On Dec 31, 2013, at 11:06 AM, [AP] NANOG wrote: > >>

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 31, 2013, at 11:06 AM, [AP] NANOG wrote: > Then looking at things from the evil side though, if they owned the system > which provides the signing then they could sign > virtually anything they wish. Or if they owned *people* with the right level of access to do so, or if there were im

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 31, 2013, at 10:38 AM, Sabri Berisha wrote: > Assuming M/MX/T series, you are correct that the foundation of the > control-plane is a FreeBSD-based kernel. And the management plane, too? > However, that control-plane talks to a forwarding-plane (PFE). The PFE runs > Juniper designed A

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 31, 2013, at 10:59 AM, Randy Bush wrote: > assumptions that the TAO folk have been taking a long much-deserved > sabbatical are probably naive Indeed; that is my point. These documents allege that the capabilities in question were present five years ago, which is an eternity in tech-t

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread [AP] NANOG
Sabri, As I was going through reading all these replies, the one thing that continued to poke at me was the requirement of the signed binaries and microcode. The same goes for many of the Cisco binaries, without direct assistance, which is unclear at this point through the cloud of smoke so to sp

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Randy Bush
> It's also important to keep in mind that all these purported documents > refer to technologies which were supposedly available 5 years ago, > based on the dates in the slides. assumptions that the TAO folk have been taking a long much-deserved sabbatical are probably naive the shocking revelati

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread William Waites
>Is Ken Thompson turning over in his grave yet? I certainly hope not...

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Jay Ashworth
- Original Message - > From: "Ray Soucy" > I hope when [if] the truth is learned it is a lot less prevalent than > it sounds, but I'm not optimistic. > > This is why we need all infrastructure to be implemented using open > standards, open hardware designs, and open source software IMHO.

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Sabri Berisha
Hi Roland. > I don't know much about Juniper > gear, but it appears that the Juniper boxes listed are similar in nature, > albeit running FreeBSD underneath (correction welcome). With most Juniper gear, it is actually quite difficult to achieve wire-tapping on a large scale using something as si

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 31, 2013, at 10:16 AM, Blake Dunlap wrote: > The cynic in me says that cisco switch/router gear isn't part of that report > on clandestine backdoors, because they don't need said clandestine backdoors > to access them... T-series is in there, too. It's also important to keep in mind t

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Blake Dunlap
The cynic in me says that cisco switch/router gear isn't part of that report on clandestine backdoors, because they don't need said clandestine backdoors to access them... -Blake On Mon, Dec 30, 2013 at 8:54 PM, Dobbins, Roland wrote: > > On Dec 31, 2013, at 9:41 AM, Randy Bush wrote: > > > y

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 31, 2013, at 9:41 AM, Randy Bush wrote: > you may want to read the more complete, well let's say extensive Thanks, Randy - now I see the JunOS stuff in there for J-series and M-series. --- Roland Dobbins //

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Randy Bush
>> So this isn't an issue of the NSA working with Cisco and Juniper to >> include back doors, it's an issue of the NSA modifying those releases >> after the fact through BIOS implants. > > Yes, I see this now, thanks. > > AFAICT, the Cisco boxes listed are ASAs and PIXes, which are > essentially L

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 31, 2013, at 12:00 AM, Ray Soucy wrote: > So this isn't an issue of the NSA working with Cisco and Juniper to include > back doors, it's an issue of the NSA modifying those releases after the fact > through BIOS implants. Yes, I see this now, thanks. AFAICT, the Cisco boxes listed are

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 11:28 PM, Marco Teixeira wrote: > i just wanted to say that any network professional that puts any equipment > into production without securing it against the kind of > issues mentioned so far (cisco/cisco, snmp private, etc) is negligent and > should be fired on the spot.

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Sharif Torpis
On 12/30/2013 3:51 PM, Randy Bush wrote: Clay Kossmeyer here from the Cisco PSIRT. shoveling kitty litter as fast as you can, eh? http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel "The article does not discuss or disclose any Cisco product vu

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Sabri Berisha
Hi, > you gotta love it. they will roll over and piss themselves for nsa and > other who are violating every principle, but threaten paying customers > who would report a hole. Don't forget that for C and J, the U.S. government is a large customer as well. Thanks, Sabri

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Randy Bush
> Clay Kossmeyer here from the Cisco PSIRT. shoveling kitty litter as fast as you can, eh? > http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel "The article does not discuss or disclose any Cisco product vulnerabilities." this is disingenuous at b

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Clay Kossmeyer
Hi Folks - Clay Kossmeyer here from the Cisco PSIRT. We've published the following document in response to the original (Dec. 29) Der Spiegel article: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel and are investigating the claims in the Dec. 30

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Randy Bush
> These are not backdoor issues, NSA related, whatever... This is noise. > Trying to get this thread on track, can the original poster provide any > proof of this so called ability of the so called intelligence agency being > able to access cisco/juniper, taking into account that management access

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread jim deleskie
There are many ways a backdoor could be used in a properly secured system. To think otherwise is a huge mistake. I can think of several ways, if tasked and given the resources of a large gov't that I would attack this problem. To assume that those tasked and focused only this type of solution a

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Marco Teixeira
Hi all, I've been watching this list for a couple weeks now and while risking being flamed, i just wanted to say that any network professional that puts any equipment into production without securing it against the kind of issues mentioned so far (cisco/cisco, snmp private, etc) is negligent and

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Randy Bush
> IIRC, Cisco threatened to sue if it was ever released you gotta love it. they will roll over and piss themselves for nsa and other who are violating every principle, but threaten paying customers who would report a hole. the question is what have these companies and gov people not violated? r

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Ray Soucy
On a side note, I've been involved with organizing the New England regional Collegiate Cyber-Defense Competition for a while, and one of our "Red Team" members was able to make a pretty convincing IOS rootkit using IOS TCL scripting to mask configuration from the students. I don't think any students

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread shawn wilson
On Mon, Dec 30, 2013 at 1:17 PM, Lorell Hathcock wrote: > NANOG: > > Here's the really scary question for me. > > Would it be possible for NSA-payload traffic that originates on our private > networks that is destined for the NSA to go undetected by our IDS systems? > Yup. Absolutely. Without a d

RE: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Lorell Hathcock
SA able to compromise Cisco, Juniper, Huawei switches Looking more at the actual leaked information it seems that if the NSA is working with companies, it's not anything the companies are likely aware of. The common form of infection seems to be through software updates performed by administrators (

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Ray Soucy
Looking more at the actual leaked information it seems that if the NSA is working with companies, it's not anything the companies are likely aware of. The common form of infection seems to be through software updates performed by administrators (through the NSA hijacking web traffic). They are imp
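
The two practical points raised in this thread, Saku's request to JTAC for a tool that hashes the BIOS, Leo's suggestion that vendors ship code to hash images, PROMs and EEPROMs, and Ray's observation above that implants arrive through hijacked software updates, both reduce to one check: compare what you hold against a digest obtained over a channel the attacker does not control. What follows is an added example, not code from any poster on this thread nor from Cisco or Juniper. It reads a sha256sum-style manifest (assumed format), hashes images in chunks, and reports per file whether it matches, mismatches, is absent from the manifest, or is listed but not present. The image bytes, file names and manifest are constructed so it runs offline; a one-bit patch to one image is included to show it being caught. The caveat a practitioner should keep in mind: a digest reported by the device's own firmware proves nothing if that firmware is the thing being questioned, so hash a dump taken by an independent path, offline.

```python
"""Verify downloaded network-OS images against a hash manifest obtained out
of band, and show that a one-bit patch to an image is caught.

Added example, not from any poster on this thread or from any vendor.  The
image bytes, file names and manifest are constructed so the script runs
offline; in practice the manifest would be read from the vendor's TLS-protected
download page or support portal, never from the same plain-HTTP session that
delivered the image."""
from __future__ import annotations

import hashlib
import io

HEX = set("0123456789abcdef")


def sha256_stream(fh, chunk_size: int = 1 << 16) -> str:
    """Hash a file object in chunks so multi-hundred-MB images fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def sha256_bytes(data: bytes) -> str:
    return sha256_stream(io.BytesIO(data))


def parse_manifest(text: str) -> dict[str, str]:
    """Parse sha256sum-style lines ('<64 hex>  <name>' or '<64 hex> *<name>').
    Blank lines and '#' comments are ignored; anything else is rejected rather
    than silently skipped, so a truncated or tampered manifest fails loudly."""
    manifest: dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64 or set(parts[0].lower()) - HEX:
            raise ValueError(f"manifest line {lineno}: malformed entry {line!r}")
        digest, name = parts
        manifest[name.lstrip("*")] = digest.lower()
    return manifest


def verify_images(manifest: dict[str, str], images: dict[str, bytes]) -> dict[str, str]:
    """Per-file verdict: ok, MISMATCH, UNLISTED (file not in manifest) or
    MISSING (manifest entry with no file).  Anything but 'ok' means do not install."""
    report: dict[str, str] = {}
    for name, data in images.items():
        expected = manifest.get(name)
        if expected is None:
            report[name] = "UNLISTED"
        elif sha256_bytes(data) == expected:
            report[name] = "ok"
        else:
            report[name] = "MISMATCH"
    for name in manifest:
        report.setdefault(name, "MISSING")
    return report


# --- constructed demo data (not real vendor images) ---
GENUINE = b"\x7fELF" + bytes(range(256)) * 8
TAMPERED = bytearray(GENUINE)
TAMPERED[0x40] ^= 0x01          # a single flipped bit, as a patched-in implant would leave

MANIFEST_TEXT = (
    "# constructed manifest; in practice fetched over TLS, separately from the images\n"
    f"{sha256_bytes(GENUINE)}  vendor-image-a.bin\n"
    f"{sha256_bytes(GENUINE)}  vendor-image-b.bin\n"
    f"{sha256_bytes(b'placeholder')}  vendor-image-c.bin\n"
)


def demo() -> dict[str, str]:
    manifest = parse_manifest(MANIFEST_TEXT)
    images = {
        "vendor-image-a.bin": GENUINE,            # untouched
        "vendor-image-b.bin": bytes(TAMPERED),    # one bit changed in transit
        "unexpected-extra.bin": b"not in manifest",
    }
    return verify_images(manifest, images)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:9} {name}")
```

Run it as a script to see the four verdicts; `vendor-image-b.bin` comes back MISMATCH even though only one bit differs, which is the whole point of refusing to install on anything but `ok`. The same `verify_images` works on a flash or BIOS dump taken with external hardware, if a known-good digest for that region exists.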

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 11:18 PM, Sam Moats wrote: > This might be an interesting example of its (mis)use. > http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%932005 That's one of the cases I know about; it was utilized via Ericsson gear. -

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 11:16 PM, Enno Rey wrote: > at least back in 2007 it could be enabled/configured by SNMP RW access [see > slide 43 of the presentation referenced in this post > http://www.insinuator.net/2013/07/snmp-reflected-amplification-ddos-attacks/] > so knowing the term "private" mi

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Warren Bailey
I built the other. Sent from my Mobile Device. Original message From: Jeremy Bresley Date: 12/30/2013 7:34 AM (GMT-09:00) To: nanog@nanog.org Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches On 12/30/2013 9:05 AM, Warren Bailey wrote: > I'd love

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Warren Bailey
y shocked this morning. Sent from my Mobile Device. Original message From: valdis.kletni...@vt.edu Date: 12/30/2013 6:48 AM (GMT-09:00) To: "Dobbins, Roland" Cc: "nanog@nanog.org list" Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Jeremy Bresley
On 12/30/2013 9:05 AM, Warren Bailey wrote: I'd love to know how they were getting in flight wifi. Sent from my Mobile Device. Original message From: sten rulz Date: 12/30/2013 12:32 AM (GMT-09:00) To: nanog@nanog.org Subject: NSA able to compromise Cisco, Juniper, H

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Sam Moats
This might be an interesting example of its (mis)use. http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%932005 Sam Moats On 2013-12-30 11:16, Enno Rey wrote: On Mon, Dec 30, 2013 at 04:03:07PM +, Dobbins, Roland wrote: On Dec 30, 2013, at 10:44 PM, wrote: > What percenta

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Enno Rey
On Mon, Dec 30, 2013 at 04:03:07PM +, Dobbins, Roland wrote: > > On Dec 30, 2013, at 10:44 PM, > wrote: > > > What percentage of Cisco gear that supports a CALEA lawful intercept mode > > is installed in situations where CALEA doesn't apply, and thus there's a > > high likelihood that sa

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Michael Thomas
On 12/30/2013 08:03 AM, Dobbins, Roland wrote: On Dec 30, 2013, at 10:44 PM, wrote: What percentage of Cisco gear that supports a CALEA lawful intercept mode is installed in situations where CALEA doesn't apply, and thus there's a high likelihood that said support is misconfigured and abus

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 11:03 PM, Dobbins, Roland wrote: > AFAIK, it must be explicitly enabled in order to be functional. It isn't the > sort of thing which is enabled by default, nor can it be enabled without > making explicit configuration changes. It's also possible they're talking about som

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 10:44 PM, wrote: > What percentage of Cisco gear that supports a CALEA lawful intercept mode is > installed in situations where CALEA doesn't apply, and thus there's a high > likelihood that said support is misconfigured and abusable without being > noticed? AFAIK, it m

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Valdis . Kletnieks
On Mon, 30 Dec 2013 14:34:52 +, "Dobbins, Roland" said: > My assumption is that this allegation about Cisco and Juniper is the result > of non-specialists reading about lawful intercept for the first time, and > failing to do their homework. That does raise an interesting question. What perce

RE: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Warren Bailey
I'd love to know how they were getting in flight wifi. Sent from my Mobile Device. Original message From: sten rulz Date: 12/30/2013 12:32 AM (GMT-09:00) To: nanog@nanog.org Subject: NSA able to compromise Cisco, Juniper, Huawei switches Found some interesting news o

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 8:07 PM, Ray Soucy wrote: > I hope Cisco, Juniper, and others respond quickly with updated images for all > platforms affected before the details leak. During my time at Cisco, I was involved deeply enough with various platform teams as well as PSIRT, etc., to assert with

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread shawn wilson
On Mon, Dec 30, 2013 at 8:07 AM, Ray Soucy wrote: > > I hope Cisco, Juniper, and others respond quickly with updated images for > all platforms affected before the details leak. So, if this plays out nice (if true, it won't), the fix will come months before the disclosure. Think, if you're leasi

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Ray Soucy
Even more outrageous than the domestic spying is the arrogance to think that they can protect the details on backdoors into critical infrastructure. They may have basically created the framework for an Internet-wide kill switch, that likely also affects every aspect of modern communication. Since

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 6:18 PM, Saku Ytti wrote: > I welcome the short-term havok and damage of such disclose if it would be > anywhere near the magnitude implied, it would create pressure to change > things. This is the type of change we're likely to see, IMHO:

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Dobbins, Roland
On Dec 30, 2013, at 5:06 PM, Saku Ytti wrote: > The quality of this data is too damn low. The #1 way that Cisco routers and switches are compromised is brute-forcing against an unsecured management plane, with username 'cisco' and password 'cisco'. The #1 way that Juniper and switches are com
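
Roland's point above, that the commonest compromise is cisco/cisco against an exposed management plane, and Marco's earlier remark about cisco/cisco and the SNMP community "private", are both checkable from a configuration dump before anyone worries about implants. What follows is an added example, not code from any poster on this thread nor from Cisco: a Python audit that walks an IOS-style running-config and flags default or weak credentials, well-known SNMP communities (RW rated higher than RO), SNMP communities with no ACL, and vty lines with no access-class. It also flags vty lines that still accept telnet, which goes one step beyond the two cases named in the thread. The sample config is constructed for illustration and the weak-password list is an assumption, not a vendor-published one.

```python
"""Audit an IOS-style running-config for the management-plane weaknesses
named in the thread (cisco/cisco, SNMP community 'private') plus a few
neighbours of the same kind.  Added example, not code from any poster or
from Cisco; SAMPLE_CONFIG is constructed and WEAK_SECRETS is an assumed list."""
from __future__ import annotations

import re
from dataclasses import dataclass

WEAK_SECRETS = {"cisco", "admin", "password", "juniper", "1234", "12345", "123456"}
WELL_KNOWN_COMMUNITIES = {"public", "private"}

USER_RE = re.compile(
    r"^username\s+(\S+)(?:\s+privilege\s+\d+)?\s+(password|secret)(?:\s+(\d))?\s+(\S+)")
ENABLE_RE = re.compile(r"^enable\s+(password|secret)(?:\s+(\d))?\s+(\S+)")
SNMP_RE = re.compile(
    r"^snmp-server\s+community\s+(\S+)(?:\s+view\s+\S+)?(?:\s+(RO|RW))?(?:\s+(\S+))?\s*$", re.I)


@dataclass(frozen=True)
class Finding:
    line: int
    severity: str
    message: str


def _check_credential(n: int, user: str, kind: str, ptype: str | None, value: str,
                      findings: list[Finding]) -> None:
    if kind == "secret":
        return  # hashed (type 5/8/9): nothing to flag from the config alone
    if ptype == "7":
        findings.append(Finding(n, "medium", f"{user}: type-7 password is reversible; use 'secret'"))
    elif value.lower() in WEAK_SECRETS or value.lower() == user.lower():
        findings.append(Finding(n, "high", f"{user}: default/weak password {value!r}"))
    else:
        findings.append(Finding(n, "medium", f"{user}: password stored in cleartext; use 'secret'"))


def audit_config(text: str) -> list[Finding]:
    findings: list[Finding] = []
    vty: dict | None = None  # state of the 'line vty' block currently being read

    def close_vty() -> None:
        nonlocal vty
        if vty is None:
            return
        if vty["telnet_line"]:
            findings.append(Finding(vty["telnet_line"], "high", "vty accepts cleartext telnet"))
        if not vty["access_class"]:
            findings.append(Finding(vty["start"], "medium", "vty has no access-class (management ACL)"))
        vty = None

    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not raw.startswith(" "):
            close_vty()  # any top-level command ends the current line block
        if vty is not None:
            words = line.split()
            if words[0] == "access-class":
                vty["access_class"] = True
            elif words[:2] == ["transport", "input"] and ({"telnet", "all"} & set(words[2:])):
                vty["telnet_line"] = n
            continue
        if line.startswith("line vty"):
            vty = {"start": n, "access_class": False, "telnet_line": 0}
            continue
        if m := USER_RE.match(line):
            _check_credential(n, *m.groups(), findings)
        elif m := ENABLE_RE.match(line):
            _check_credential(n, "enable", *m.groups(), findings)
        elif m := SNMP_RE.match(line):
            name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
            if name.lower() in WELL_KNOWN_COMMUNITIES:
                sev = "high" if mode == "RW" else "medium"
                findings.append(Finding(n, sev, f"SNMP {mode} community {name!r} is a well-known default"))
            if acl is None:
                findings.append(Finding(n, "medium", f"SNMP {mode} community {name!r} has no ACL"))
    close_vty()
    return sorted(findings, key=lambda f: f.line)


# constructed sample; the second vty block shows what a clean one looks like
SAMPLE_CONFIG = """\
hostname edge-rtr-1
username cisco password 0 cisco
username ops secret 5 $1$abcd$0123456789abcdef
enable password cisco
snmp-server community private RW
snmp-server community public RO
snmp-server community n3tm0n RO 10
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 access-class 10 in
 transport input ssh
 login local
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line:3} [{f.severity}] {f.message}")
```

Feed it `show running-config` output instead of the sample and it reports eight findings for the constructed config: the cisco/cisco user, the weak enable password, two each for the well-known RW and RO communities, and the first vty block for both telnet and the missing access-class. A clean `line vty` block with `access-class` and `transport input ssh` produces nothing, which is the state every management plane should be in before the question of vendor or NSA backdoors even becomes interesting.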

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Saku Ytti
On (2013-12-30 06:12 -0500), Shawn Wilson wrote: > I don't really want you to know how to recreate it until the companies have > had a chance to fix said issue. I'd hope, if such issues were disclosed, > those news outlets would go through proper channels of disclosure before > going to press w

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Shawn Wilson
Saku Ytti wrote: >On (2013-12-30 20:30 +1100), sten rulz wrote: > >I really think we're doing a disservice to an issue which might be at >scale of >human-rights issue, by spamming media with 0 data news. Where is this >backdoor? How does it work? How can I recreate on my devices? I don't really

Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Saku Ytti
On (2013-12-30 20:30 +1100), sten rulz wrote: > Found some interesting news on one of the Australia news websites. > > http://www.scmagazine.com.au/News/368527,nsa-able-to-compromise-cisco-juniper-huawei-switches.aspx The quality of this data is too damn low. Not as bad as this though, http://c

NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread sten rulz
Found some interesting news on one of the Australia news websites. http://www.scmagazine.com.au/News/368527,nsa-able-to-compromise-cisco-juniper-huawei-switches.aspx Regards, Steven.