Difference between revisions of "NSA ANT By TAO"
(Created page with "How does the NSA TAO team backdoor Cisco VPN's, firewall's and security appliances. A friendly hacker donated a [http://www.cisco.com/c/en/us/products/security/pix-515e-securi...") |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
More used/deployed hardware is appreciated from ISP's. Hint hint. | More used/deployed hardware is appreciated from ISP's. Hint hint. | ||
+ | |||
+ | |||
Looking for: | Looking for: | ||
− | * Cisco PIX (500-series) JETPLOW | + | * <s>Cisco PIX (500-series)</s> JETPLOW |
* Cisco ASA (5505, 5510, 5520, 5540, 5550)JETPLOW | * Cisco ASA (5505, 5510, 5520, 5540, 5550)JETPLOW | ||
* Juniper SSG 500 and SSG 300 series firewalls FEEDTHROUGH | * Juniper SSG 500 and SSG 300 series firewalls FEEDTHROUGH | ||
Line 19: | Line 21: | ||
Soon. :-) | Soon. :-) | ||
+ | |||
+ | '''Handy links:''' | ||
+ | * http://www.cisco.com/public/scc/compass/3810/tasks/task_3810-v_boot_rom_replace.htm | ||
+ | * http://uk.alibaba.com/trading-search?CatId=0&Country=&SearchText=cisco+plcc&IndexArea=product_en | ||
+ | * http://www.optimumdata.com/shop/files/cisco/1600/1600_Series_Upgrading_Boot_Roms.pdf | ||
+ | * http://www.cisco.com/public/scc/compass/pdfs/0000_t_plccrom_insert.pdf | ||
+ | * http://www.cisco.com/public/scc/compass/pdfs/0000_t_plccrom_remove.pdf |
Latest revision as of 17:36, 9 September 2014
How does the NSA TAO team backdoor Cisco VPN's, firewall's and security appliances. A friendly hacker donated a Cisco pix 515e to play with analyzing how the TAO might backdoor this system. Research focuses on dumping BIOS binary, developing persistent backdoor for the BIOS or other components and provide way on how to detect possible backdoors.
https://www.schneier.com/blog/archives/2014/01/jetplow_nsa_exp.html
More used/deployed hardware is appreciated from ISP's. Hint hint.
Looking for:
-
Cisco PIX (500-series)JETPLOW - Cisco ASA (5505, 5510, 5520, 5540, 5550)JETPLOW
- Juniper SSG 500 and SSG 300 series firewalls FEEDTHROUGH
- Juniper ns5xt, ns25, ns50, ns200, ISG 1000 SOUFFLETHROUGH
- Any Juniper running JunOS (modified freebsd) (http://phrack.org/issues/66/5.html) SIERAMONTANA
- Huawei Eudemon (HALLUXWATER)
Components needed: More soon.
Analysis:
Soon. :-)
Handy links:
- http://www.cisco.com/public/scc/compass/3810/tasks/task_3810-v_boot_rom_replace.htm
- http://uk.alibaba.com/trading-search?CatId=0&Country=&SearchText=cisco+plcc&IndexArea=product_en
- http://www.optimumdata.com/shop/files/cisco/1600/1600_Series_Upgrading_Boot_Roms.pdf
- http://www.cisco.com/public/scc/compass/pdfs/0000_t_plccrom_insert.pdf
- http://www.cisco.com/public/scc/compass/pdfs/0000_t_plccrom_remove.pdf