RE: JETPLOW

From: Andrew Podosenin <andrew.podosenin_at_gmail.com>
Date: Mon, 30 Dec 2013 22:25:45 -0500

Marc,

Would it make any sense to reach out to the vendor for official comments?

Andrew

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Adam Booth
Sent: Monday, December 30, 2013 9:39 PM
To: marc edwards
Cc: Carl Gosselin; Matthew George; groupstudy
Subject: Re: JETPLOW

Hi Marc,

Just looking at the JETPLOW image Matt linked to, it states that it was from
2008 using information from the previous year, so potentially those exploits
have been available and in use for quite some time during the active product
life of the listed devices.

Sure, many of those items are now listed as end of sales and approaching end
of support but I'm sure boxes like the 5510 have been mass deployed by many
consultants as it was seen as an appropriate tool at the time. That said it
seems to be related to particular OS versions, so separate to the hardware
side perhaps keeping a reasonable patch management regime would be a
reasonable argument to make? (presuming those backdoors aren't able to ride
the upgrade process if they are already onboard)

Cheers,
Adam

On Tue, Dec 31, 2013 at 10:13 AM, marc edwards <renorider_at_gmail.com> wrote:

> All of the Cisco models in the report are EoL or EoL announced. Amazes
> me when organizations worried about security cleave to older firewall
> technologies. This is one spot it is worth sticking to a healthy
> refresh cycle (3 years MAX!). Only a liability when dragging life out
> of an older security asset. Article is case in point. Thanks for sharing!
>
> -Marc
>
> Marc Edwards
> CCIE #38259
>
>
> On Mon, Dec 30, 2013 at 1:54 PM, Carl Gosselin <carl.gosselin_at_altizone.com> wrote:
>
> > Just love the code name...
> > Cottonmouth... Means everything!!
> >
> > > On Dec 30, 2013, at 16:50, Matthew George <mgeorge_at_geores.net> wrote:
> > >
> > > Just for the record I'm not saying that these documents are
> > > factually correct.
> > >
> > > However with all the things that have come to light this past
> > > year, if and that is a BIG IF, these documents were to be accurate then
> > > such a vulnerability is scary.
> > >
> > > At the end of the day, Edward Snowden wouldn't be the number one
> > > fugitive of the United States government if he was releasing bullshit right?
> > >
> > > Personally I think this one is pretty cool;
> > >
> > >
> > > http://leaksource.files.wordpress.com/2013/12/nsa-ant-cottonmouth-i.jpg
> > >
> > > Anywho...
> > >
> > > -----Original Message-----
> > > From: Carl Gosselin [mailto:carl.gosselin_at_altizone.com]
> > > Sent: Monday, December 30, 2013 4:40 PM
> > > To: Matthew George
> > > Cc: groupstudy
> > > Subject: Re: JETPLOW
> > >
> > > That is sure to reopen the debate about open source software vs
> > > proprietary...
> > >
> > > I'm not even touching the question about if Ed Snowden is a
> > > traitor or a patriot...
> > >
> > > Happy new year!!
> > >
> > > -Carl
> > >
> > >> On Dec 30, 2013, at 16:00, Matthew George <mgeorge_at_geores.net> wrote:
> > >>
> > >> While chatting in #cisco on irc.freenode.net some interesting
> > >> links started getting posted to several NSA leaked documents that
> > >> got released last night at 3:17am
> > >>
> > >>
> > >>
> > >> One of them that particularly caught my eye was JETPLOW.
> > >>
> > >>
> > >>
> > >> http://leaksource.files.wordpress.com/2013/12/nsa-ant-jetplow.jpg
> > >>
> > >>
> > >>
> > >> Wanted to open the door to discussion, opinions, comments.
> > >>
> > >>
> > >>
> > >> There is also another leak related to Juniper called FEEDTHROUGH
> > >>
> > >>
> > >>
> > >> http://leaksource.files.wordpress.com/2013/12/nsa-ant-feedthrough.jpg
> > >>
> > >>
> > >>
> > >> Apparently these leaks are just now hitting mainstream and there
> > >> are dozens more just like them for every major vendor.
> > >>
> > >>
> > >>
> > >> The question that keeps repeating in my head is, if the NSA can
> > >> compromise corporate firewalls through the use of these backdoor
> > >> technologies, then what is to prevent other countries from doing
> > >> the same with malicious intent? After all these are the very
> > >> types of hardware that typically protect the power grid
> > >> infrastructure, financial systems, hospitals, etc.
> > >>
> > >>
> > >>
> > >> -Matt
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >> ______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html

Received on Mon Dec 30 2013 - 22:25:45 ART

This archive was generated by hypermail 2.2.0 : Wed Jan 01 2014 - 20:26:19 ART