It’s a strange thing. I can find voluminous exploit research in books and online on every topic under the sun, on every platform, covering all manner of software and hardware, with the exception of Cisco.
If you do the research on Cisco, obviously there are the routine announcements relating to recently reported vulnerabilities and patching and so forth, but very little on exploit techniques and mitigation relating to the Cisco IOS.
The above is not strictly true.
Around 2006 a book was published by Hacking Exposed focusing exclusively on Cisco and there are bits and pieces online, but they’re all from this same period. If you’re prepared to spend time mining information, you can find the odd obscure proof-of-concept underground piece on Tcl worms, backdoors, trojans, rootkits etc., relating to Cisco, but that’s it.
Obviously reverse-engineering Cisco is prohibited and so I appreciate the fact not many folk are going to risk publishing their endeavours.
One name comes up repeatedly in terms of Cisco vulnerabilities, exploits etc., and that is FX. I featured a video of his on this blog, but even his published work seems to be based around the 2006/8 mark.
So, I thought who better to ask about this strange paucity of research than FX himself:
@41414141 When I research IOS exploit techniques online everything seems to be dated around 2006. Nothing recent. Why is this?
— Stuart (@Stuey_James) September 13, 2014
@Stuey_James @41414141 no one has updated their routers since then…
— Gary Smith (@fl1bbl3) September 13, 2014
@fl1bbl3 @Stuey_James sad but true. However, my final word on it is from 2008: http://t.co/hN7yOetLVg
— FX of Phenoelit (@41414141) September 14, 2014
@41414141 But why is there such a paucity of [recent] research online (and books) re Cisco network equipment? @fl1bbl3
— Stuart (@Stuey_James) September 14, 2014
@Stuey_James because nobody cares, least of all Cisco itself. E.g. slide 32 in http://t.co/GGgM9sRgyb
— FX of Phenoelit (@41414141) September 14, 2014
@41414141 I simply don’t understand. This network gear appears to me as critical. Are folk exploiting it secretly or is nobody bothering?
— Stuart (@Stuey_James) September 14, 2014
@Stuey_James both secret exploitation and nobody bothering with their gear seem to be the norm. Welcome to CiscOMFG land.
— FX of Phenoelit (@41414141) September 14, 2014
When you consider the importance of Cisco as a network hardware/software backbone, important enough for security agencies to allegedly intercept and implant covert firmware, this all seems very odd indeed.