[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87333.1376229616@turing-police.cc.vt.edu>
Date: Sun, 11 Aug 2013 10:00:16 -0400
From: Valdis.Kletnieks@...edu
To: Pedro Luis Karrasquillo <peter_toyota@...mail.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: XKeyscore sees 'nearly EVERYTHING you do
On Sat, 10 Aug 2013 22:16:15 -0400, Pedro Luis Karrasquillo said:
> NSA picks this up remotely via a very secret SNMP command.
So has anybody ever spotted this SNMP command in a tcpdump?
Found the code that handles it in net-snmp? Cisco IOS? JunOS?
Nobody's ever caught their supervisor CPU get pegged due to SNMP
management? Nobody spotted it a few years ago when everybody and
their pet llama was fuszzing SNMP implementations? Not one "Hey,
that command didn't get rejected, wonder what it does"? If it isn't
on a device installed on the local net, how does the SNMP packet get
through firewalls and/or airgaps to the management network? And
more importantly, how does the return traffic get exfiltrated without
being noticed?
Occam's Razor suggests it's much more likely to be very similar in
form and function to a CALEA box on steroids.
Not saying the NSA isn't sucking up data - but I've seen no plausible
evidence that it's done via SNMP.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists