WILTW (What I Learned This Week) is a (hopefully) never-ending series of mini-posts, once a week, until the end of time. Terms and holidays apply.

Messing with IOS images

Very interesting article on the evolution of attacks on devices running Cisco IOS. In short, these are the things they found in the wild:

  • two incidents that modified the IOS image in flash to weaken the Diffie-Hellman algorithm - targeted attack (digital signature checking would detect it)
  • two incidents where modifications were done to the running code (in memory) to allow certain packets to be exfiltrated to an attacker IP - or to add NAT so a hidden host would become accessible to the attacker (admin credentials required)
  • another that modified the ROMMON for persistence and then, at boot, injected changes into the running code (admin credentials required) - exfiltration via ICMP payload to the attacker or NAT
  • the last one is called SYNful Knock - details here
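The first point says a modified flash image is caught by checking its signature or hash against a known-good value. Below is an added example of that offline check, not code from the linked article or from Cisco: a POSIX shell function that compares an image file's SHA-512 with a hash taken from a trusted source (the vendor's download page, kept in a manifest under version control), never from the device being checked. It only covers the image in flash; the in-memory and ROMMON modifications in the other points need the runtime validation mentioned further down. The function names and the sample file in the usage comment are constructed for this example.

```shell
#!/bin/sh
# verify_image FILE EXPECTED_SHA512
# Compares the SHA-512 of an image file with a known-good value from a
# trusted source (vendor download page), not from the device itself.
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_image() {
    file="$1"
    expected="$2"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(sha512sum "$file" | cut -d' ' -f1)
    # Compare case-insensitively: published hashes are often upper-case.
    if [ "$(printf '%s' "$actual" | tr 'A-Z' 'a-z')" = \
         "$(printf '%s' "$expected" | tr 'A-Z' 'a-z')" ]; then
        echo "OK       $file"
        return 0
    else
        echo "MISMATCH $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# verify_manifest MANIFEST
# MANIFEST holds one "<sha512>  <path>" line per image (the format sha512sum
# prints) plus optional "#" comment lines, so a known-good list of every image
# deployed in the network can be checked in bulk. Returns 1 if any entry fails.
verify_manifest() {
    rc=0
    while read -r hash path; do
        [ -n "$hash" ] || continue
        case "$hash" in "#"*) continue ;; esac
        verify_image "$path" "$hash" || rc=1
    done < "$1"
    return $rc
}

# Usage (paths constructed for this example):
#   verify_image /tftp/images/router-image.bin <hash from vendor download page>
#   verify_manifest /srv/config/known-good-images.txt
```

The manifest is deliberately a plain `sha512sum`-style file: it can live next to the configuration backups, be reviewed in a change request, and a mismatch after an image copy is a reason to stop and look before the device is rebooted onto it.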

What's good:

We have reviewed all Cisco IOS command line interface (CLI) commands, and have removed commands that provide limited value to customers during normal device operation, but could be misused by attackers with access to the device CLI.

What's even better:

We are in the pilot phase of an image validation service that offers customers the ability to quickly and automatically analyze and detect modified Cisco IOS images running on their Cisco devices.

Sending command output to the clipboard via a script

This is a simple script (get it here) that you can pipe output into, which puts that output in the system clipboard. Quite handy when you don't want to reach for the mouse all the time.

echo 123 | clipboard

Linux systems have 2 clipboards for whatever silly reason; depending on which one you want to use, you might have to remove -selection clipboard from the xclip command.
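A portable version of the same idea, added here as an example rather than the script linked above: it takes the selection as an argument (clipboard by default, primary on request) so the -selection edit mentioned above is not needed, and it works with whichever of wl-copy, xclip, xsel or pbcopy is installed. The function names are constructed for this example.

```shell
#!/bin/sh
# clipboard [clipboard|primary]
# Reads stdin and writes it to the system clipboard. Added example, not the
# script linked in the post. Assumes one of wl-copy, xclip, xsel or pbcopy.

# clipboard_cmd SELECTION
# Prints the command line that writes SELECTION ("clipboard" or "primary")
# with whatever tool is installed; returns 1 when none is found.
clipboard_cmd() {
    sel="${1:-clipboard}"
    case "$sel" in
        clipboard|primary) ;;
        *) echo "unknown selection: $sel (use clipboard or primary)" >&2; return 1 ;;
    esac
    if [ -n "${WAYLAND_DISPLAY:-}" ] && command -v wl-copy >/dev/null 2>&1; then
        if [ "$sel" = primary ]; then echo "wl-copy --primary"; else echo "wl-copy"; fi
    elif command -v xclip >/dev/null 2>&1; then
        # The two X selections: "clipboard" is what Ctrl-V pastes,
        # "primary" is what a middle-click pastes.
        echo "xclip -selection $sel"
    elif command -v xsel >/dev/null 2>&1; then
        echo "xsel --$sel --input"
    elif command -v pbcopy >/dev/null 2>&1; then
        echo "pbcopy"          # macOS has a single clipboard
    else
        echo "no clipboard tool found (install xclip, xsel or wl-clipboard)" >&2
        return 1
    fi
}

# clipboard [SELECTION]: copy stdin to the chosen selection.
clipboard() {
    cmd=$(clipboard_cmd "$1") || return 1
    # Word-splitting of $cmd is intended: it is "tool flag value".
    $cmd
}

# When saved as "clipboard" on PATH:  echo 123 | clipboard
#                                     cat notes.txt | clipboard primary
case "${0##*/}" in clipboard|clipboard.sh) clipboard "$@" ;; esac
```

Whatever goes through this is readable by any other program in the same desktop session, and clipboard managers keep a history, so a password or token copied this way is best overwritten afterwards with `printf '' | clipboard`.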

All code is bad

I know I shouldn't be happy that others have it just as bad, but it is a bit heartwarming to read that networking isn't the only field full of special snowflakes - this article says it all (and it applies oh-so-well to so many areas of life).

Every programmer occasionally, when nobody's home, turns off the lights, pours a glass of scotch, puts on some light German electronica, and opens up a file on their computer. It's a different file for every programmer. Sometimes they wrote it, sometimes they found it and knew they had to save it. They read over the lines, and weep at their beauty, then the tears turn bitter as they remember the rest of the files and the inevitable collapse of all that is good and true in the world. This file is Good Code. It has sensible and consistent names for functions and variables. It's concise. It doesn't do anything obviously stupid. It has never had to live in the wild, or answer to a sales team. It does exactly one, mundane, specific thing, and it does it well. It was written by a single person, and never touched by another. It reads like poetry written by someone over thirty.

Until next week

Did you learn anything interesting this week? Let me know or share it with everybody else in the comments below!

And, as always, thanks for reading.
