Slashdot Mirror


Attackers Install Highly Persistent Malware Implants On Cisco Routers

itwbennett writes: Researchers from Mandiant have detected a real-world attack that has installed rogue firmware on Cisco business routers in four countries. The router implant, dubbed SYNful Knock, implements a backdoor password for privileged Telnet and console access and also listens for commands contained in specifically crafted TCP SYN packets — hence the name SYNful Knock. In the cases investigated by Mandiant the SYNful Knock implant was not deployed through a vulnerability, but most likely through default or stolen administrative credentials.
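As an added illustration, not part of the story or of the Mandiant research, here is a small Python heuristic a defender could run over captured IPv4/TCP frames: a SYN that carries application data is abnormal in ordinary TCP, and the summary describes an implant that takes commands from crafted SYN packets. It assumes such command-bearing SYNs carry a payload (implied by the summary, not stated) and uses constructed sample frames and port numbers; it is a generic anomaly check, not the implant's actual signature.

```python
import struct
from dataclasses import dataclass

TCP_SYN = 0x02
TCP_ACK = 0x10


@dataclass
class SynFinding:
    src: str
    dst: str
    dport: int
    payload_len: int


def parse_ipv4_tcp(frame: bytes):
    """Return (src, dst, tcp_flags, dport, payload) for a raw IPv4/TCP packet, else None."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6 or ihl < 20 or total_len > len(frame) or total_len < ihl + 20:
        return None                                  # not TCP, or truncated/malformed
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    tcp = frame[ihl:total_len]
    _sport, dport = struct.unpack("!HH", tcp[0:4])
    data_off = (tcp[12] >> 4) * 4                    # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        return None
    return src, dst, tcp[13], dport, tcp[data_off:]


def find_syn_with_payload(frames):
    """Flag pure SYNs (SYN set, ACK clear) that carry data; normal handshakes carry none."""
    findings = []
    for f in frames:
        parsed = parse_ipv4_tcp(f)
        if parsed is None:
            continue
        src, dst, flags, dport, payload = parsed
        if flags & TCP_SYN and not flags & TCP_ACK and payload:
            findings.append(SynFinding(src, dst, dport, len(payload)))
    return findings


def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4/TCP packet (checksums left zero; sample input only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(x) for x in src.split(".")), bytes(int(x) for x in dst.split(".")))
    return ip + tcp


# Constructed sample capture: one ordinary SYN, one SYN carrying 8 bytes of data.
SAMPLE_FRAMES = [
    build_packet("10.0.0.5", "10.0.0.1", 40000, 23, TCP_SYN),
    build_packet("198.51.100.7", "10.0.0.1", 51234, 80, TCP_SYN, b"\x00\x01CMD\x00\x00\x00"),
]
```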

1 of 168 comments

  1. Old news - even already reported by Cisco. by Moskit · Score: 3, Informative

    Cisco already published a security advisory on that a month ago:
    http://tools.cisco.com/securit...

    Attackers required either valid admin credentials or physical access to the device to replace firmware. Such attacks were understood for a long time.

    Nevertheless it's interesting to observe an increase in attacks against infrastructure itself, rather than bandwidth.