[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Synful Knock questions...

Subject: Synful Knock questions...
From: Michael.Douglas at IEEE.org (Michael Douglas)
Date: Tue, 15 Sep 2015 14:35:44 -0400
In-reply-to: <[email protected]>
References: <[email protected]>

Does anyone have a sample of a backdoored IOS image?

On Tue, Sep 15, 2015 at 2:15 PM, <eric-list at truenet.com> wrote:

> I'm sure most have already seen the CVE from Cisco, and I was just reading
> through the documentation from FireEye:
>
> https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.htm
> l
>
> Question is that it looks to me like they are over-writing the ospf
> response
> for "show ip ospf timers lsa-group"?
> And if that's the case I'm guessing the router would need to have ospf
> enabled to be able to see the response?
>
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
> F: 610-429-3222
>
>
>
>
>

Follow-Ups:
- Synful Knock questions...
  - From: jfbeam at gmail.com (Ricky Beam)

References:
- Synful Knock questions...
  - From: eric-list at truenet.com (eric-list at truenet.com)

Prev by Date: Synful Knock questions...
Next by Date: Synful Knock questions...
Previous by thread: Synful Knock questions...
Next by thread: Synful Knock questions...
Index(es):
- Date
- Thread