Yes, the old 55x0s have been put on the EOL train, but I still see 515s around... and don't tell me they didn't try their shim out before the 55x5s were FCS'd... come on now. Millions of nice little holes everywhere. I'm sure they were even nice enough to not use DNS for any of that and included an update method for new IP space... makes SIEMs seem pointless. My question is: do they have tools such as MARS and IPS ignore such traffic? Makes me want to jump into my MARS20s Oracle DB and scour it.
--- Original Message ---
From: "Adam Booth" <adam.booth_at_gmail.com>
Sent: December 30, 2013 6:57 PM
To: "marc edwards" <renorider_at_gmail.com>
Cc: "Carl Gosselin" <carl.gosselin_at_altizone.com>, "Matthew George" <mgeorge_at_geores.net>, "groupstudy" <ccielab_at_groupstudy.com>
Subject: Re: JETPLOW
Hi Marc,
Just looking at the JETPLOW image Matt linked to, it states that it was
from 2008 using information from the previous year, so potentially those
exploits have been available and in use for quite some time during the
active product life of the listed devices.
Sure, many of those items are now listed as end of sales and approaching
end of support but I'm sure boxes like the 5510 have been mass deployed by
many consultants as it was seen as an appropriate tool at the time. That
said it seems to be related to particular OS versions, so separate to the
hardware side perhaps keeping a reasonable patch management regime would be
a reasonable argument to make? (presuming those backdoors aren't able to ride
the upgrade process if they are already onboard)
Cheers,
Adam
On Tue, Dec 31, 2013 at 10:13 AM, marc edwards <renorider_at_gmail.com> wrote:
> All of the Cisco models in the report are EoL or EoL announced. Amazes me
> when organizations worried about security cleave to older firewall
> technologies. This is one spot it is worth sticking to a healthy refresh
> cycle (3 years MAX!). Only a liability when dragging life out of an older
> security asset. Article is case in point. Thanks for sharing!
>
> -Marc
>
> Marc Edwards
> CCIE #38259
>
>
> On Mon, Dec 30, 2013 at 1:54 PM, Carl Gosselin
> <carl.gosselin_at_altizone.com> wrote:
>
> > Just love the code name...
> > Cottonmouth... Means everything!!
> >
> > > On Dec 30, 2013, at 16:50, Matthew George <mgeorge_at_geores.net> wrote:
> > >
> > > Just for the record I'm not saying that these documents are factually
> > > correct.
> > >
> > > However with all the things that have come to light this past year, if and
> > > that is a BIG IF, these documents were to be accurate then such a
> > > vulnerability is scary.
> > >
> > > At the end of the day, Edward Snowden wouldn't be the number one fugitive of
> > > the United States government if he was releasing bullshit right?
> > >
> > > Personally I think this one is pretty cool;
> > >
> > >
> > > http://leaksource.files.wordpress.com/2013/12/nsa-ant-cottonmouth-i.jpg
> > >
> > > Anywho...
> > >
> > > -----Original Message-----
> > > From: Carl Gosselin [mailto:carl.gosselin_at_altizone.com]
> > > Sent: Monday, December 30, 2013 4:40 PM
> > > To: Matthew George
> > > Cc: groupstudy
> > > Subject: Re: JETPLOW
> > >
> > > That is sure to reopen the debate about open source software vs
> > > proprietary...
> > >
> > > I'm not even touching the question about if Ed Snowden is a traitor or a
> > > patriot...
> > >
> > > Happy new year!!
> > >
> > > -Carl
> > >
> > >> On Dec 30, 2013, at 16:00, Matthew George <mgeorge_at_geores.net> wrote:
> > >>
> > >> While chatting in #cisco on irc.freenode.net some interesting links
> > >> started getting posted to several NSA leaked documents that got
> > >> released last night at 3:17am
> > >>
> > >>
> > >>
> > >> One of them that particularly caught my eye was JETPLOW.
> > >>
> > >>
> > >>
> > >> http://leaksource.files.wordpress.com/2013/12/nsa-ant-jetplow.jpg
> > >>
> > >>
> > >>
> > >> Wanted to open the door to discussion, opinions, comments.
> > >>
> > >>
> > >>
> > >> There is also another leak related to Juniper called FEEDTHROUGH
> > >>
> > >>
> > >>
> > >> http://leaksource.files.wordpress.com/2013/12/nsa-ant-feedthrough.jpg
> > >>
> > >>
> > >>
> > >> Apparently these leaks are just now hitting mainstream and there are
> > >> dozens more just like them for every major vendor.
> > >>
> > >>
> > >>
> > >> The question that keeps repeating in my head is, If the NSA can
> > >> compromise corporate firewalls through the use of these backdoor
> > >> technologies, then what is to prevent other countries from doing the
> > >> same with malicious intent? After all these are the very types of
> > >> hardware that typically protect the power grid infrastructure, financial
> > >> systems, hospitals, etc.
> > >>
> > >>
> > >>
> > >> -Matt
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
Received on Mon Dec 30 2013 - 20:45:48 ART
This archive was generated by hypermail 2.2.0 : Wed Jan 01 2014 - 20:26:19 ART