Well, it looks like the hackers are at it again. (BTW…I use the term “hackers” as my preferred term “slimy dog-poop scum” is too wordy…but either one works just as well.) Cisco just released a security alert concerning an attack that replaces the ROMMON firmware (the boot firmware) with malicious ROMMON code. The replacement still boots the router/switch properly, but it also contains malicious code. Fortunately, the attacker does need either privileged access or physical access to the device. Note the credibility level…“Confirmed”.
Check out Cisco’s security alert here.
Good info. Any idea how to spot it?
Good question…I’m still reading through everything. There is a way to verify firmware integrity…let me check.