[NANOG] IOS rootkits

At the upcoming EuSecWest, Sebastian Muniz will apparently unveil an IOS rootkit. Skip below for the news item itself.

We've had discussions on this before, here and elsewhere. I've been heavily attacked on the subject of considering router security as an issue when compared to routing security.

I have a lot to say about this, having looked into this threat for a few years now and having engaged different organizations within Cisco on the subject in the past. Due to what I refer to as an "NDA of honour" I will just relay the following until it is "officially" public, then consider what should be made public, including:

1. Current defense strategies possible with Cisco gear
2. Third party defense strategies (yes, they now exist)
3. Cisco response (no names or exact quotes will likely be given)
4. A bet on when such a rootkit would be public, and who won it (participants are.. "relevant people").

From:
http://www.networkworld.com/news/2008/051408-hacker-writes-rootkit-for-ciscos.html

"A security researcher has developed malicious rootkit software for Cisco's routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic.

Sebastian Muniz, a researcher with Core Security Technologies, developed the software, which he will unveil on May 22 at the EuSecWest conference in London. "

   Gadi Evron.

Gadi,

Please try to keep the self-promotion to a minimum, and come back when
you have meaningful data to share with operators.

Examples would include a list of affected platforms and code
revisions, as well as preventative measures.

Thank you,
Paul

Gadi,

Please try to keep the self-promotion to a minimum, and come back when
you have meaningful data to share with operators.

Examples would include a list of affected platforms and code
revisions, as well as preventative measures.

Name on the door, money to be sent via paypal. I will sign my playgirl cover for 5 USD each.

This is operational, and it is about me saying "na na na na na, na na na na na na" to a discussion from two years ago. I have every intention to gloat, but I will keep it to a minimum.

Yes?

   Gadi.

The question this presentation begs for me... is how many of the folks on this list do integrity checking on their routers?

You can no longer say this isn't necessary :-).

I know FX and a few others are working on toolsets for this...

I'll probably have other comments after I see the presentation.
This development has all sort of implications for binary signing requirements, etc...

cheers,
--dr

IIRC, the toolkit(s) can only be installed once having priv 15 on the device.

If this is the case, the practicality of this is...well...not that significant.

I do think the significance is that we are getting closer and closer to treating infrastructure devices as end stations with respect to susceptibility.

Looking forward to seeing all the details.

Gadi, have fun :)

tv

Wouldn't this level of verification/authentication of running code be a pretty trivial function via RANCID or similar tool?

I understand *why* we are worried about rootkits on individual servers. On essentially "closed" platforms this isn't going to be rocket science.
It may seem odd by today's BCPs, but booting up from "golden" images via write-protected hardware or TFTP or similar is pretty straightforward -- especially for those of us who run large server farms.

A POP or node could certainly keep a few servers around that are a permanent repository of these items for all the devices that get images.

If you can't trust the boot rom, well, that's an entirely separate matter.

I think the issue with rootkits whether server or embedded device is more about infection vector than the maliciousness that could be caused AFTER a compromise has occurred.

Deepak Jain

Dragos Ruiu wrote:

I understand *why* we are worried about rootkits on
individual servers.
On essentially "closed" platforms this isn't going to be
rocket science.
It may seem odd by today's BCPs, but booting up from "golden"
images via
write-protected hardware or TFTP or similar is pretty
straightforward

Since today's bootstrap codes are in EEPROM (or
equivalent), if you get "root" once, you can
have "root" forever. Faking file system content
(and real time replacing of code) is the core
of any current (good) Linux/Mac/Windows rootkit.
Cisco/Juniper/Force10/whatever is just another
platform to do the same if you can replace the
bootstrap. Modular IOS might even make it
easier to do dynamic code insertion.

There are platforms (Xbox?, Tivo?, etc.) that try
to do cryptographic validation of the code they
are loading. Network devices are not yet doing
a true cryptographic validation as far as I know,
although one could imagine that that might be a
next step to protect against that specific threat
(although I seem to recall that bypassing the Xbox
validations only took a few months, so it is harder
than it first appears to get right).

Gary

Buhrmaster, Gary wrote:

I understand *why* we are worried about rootkits on individual servers. On essentially "closed" platforms this isn't going to be rocket science.
It may seem odd by today's BCPs, but booting up from "golden" images via write-protected hardware or TFTP or similar is pretty straightforward

Since today's bootstrap codes are in EEPROM (or
equivalent), if you get "root" once, you can
have "root" forever. Faking file system content
(and real time replacing of code) is the core
of any current (good) Linux/Mac/Windows rootkit.
Cisco/Juniper/Force10/whatever is just another
platform to do the same if you can replace the
bootstrap. Modular IOS might even make it
easier to do dynamic code insertion.

There are platforms (Xbox?, Tivo?, etc.) that try
to do cryptographic validation of the code they
are loading. Network devices are not yet doing
a true cryptographic validation as far as I know,
although one could imagine that that might be a
next step to protect against that specific threat
(although I seem to recall that bypassing the Xbox
validations only took a few months, so it is harder
than it first appears to get right).

I think that is exactly the point. Once a box has been thoroughly compromised, it's almost impossible to bring it back to a "known, good" state without a complete (reformat). In the case of embedded HW, that may include wiping/rewriting the EEPROMs to a known good state.

I don't think this is going to be outside of the purview of Network Operators for very long, no matter what the case.

Anti-virii and such are somewhat interesting in the end-system model, but when downtimes need to be scheduled significantly in advance for network operations you either a) prevent infection by much tighter controls at the get-go or b) provide a high-trust way to keep the systems in a known good-state. This, of course, assumes true "bugs" are kept to a minimum.

It does raise significant security concerns for those networks that have employees/contractors/etc with turn-over that could leave a parting "gift" in their respective networks. Changing passwords isn't really sufficient anymore.

DJ

Wouldn't this level of verification/authentication of running code be a pretty trivial function via RANCID or similar tool?

Absolutely, and it actually makes sense. The problem though is that it is once again an escalation war and counter-inventions keep happening. RANCID will connect remotely and use the local tools to get results; these local tools or their results can be altered.

I understand *why* we are worried about rootkits on individual servers. On essentially "closed" platforms this isn't going to be rocket science.
It may seem odd by today's BCPs, but booting up from "golden" images via write-protected hardware or TFTP or similar is pretty straightforward -- especially for those of us who run large server farms.

That is a neat idea, you mean something like a magic card?
Well, the rootkit could still hide in memory, or heck, on the video card if it likes. While XR is not implemented your best bet is reflashing with an updated version, screws up the memory allocations which is apparently a difficult problem to overcome.

A POP or node could certainly keep a few servers around that are a permanent repository of these items for all the devices that get images.

If you can't trust the boot rom, well, that's an entirely separate matter.

I think the issue with rootkits whether server or embedded device is more about infection vector than the maliciousness that could be caused AFTER a compromise has occurred.

Here I very much disagree with you. Imagine what you can do with a Trojan horse on a computer, say a server. You could, in effective terms, use it as your own. You'd own it. The same is true for a router.

You could sniff the network, steal traffic, use it as a bridge to connect to potentially any part of your network, hide traffic, etc. The potential for attackers is almost "cool".

   Gadi.