IOS Crash Analysis and Rootkit Wiki

IOS rootkits

The general aim of a rootkit (IOS or not) is to modify the system in a way that gives an unauthorized person access, preferably in a hidden manner.

Binary Modification Rootkits

The most common way to implement a backdoor or rootkit is to modify the binary code of the attacked operating system. IOS rootkits are no exception. There are generally three types of IOS binary modification rootkits: image patching, runtime patching and boot IOS patching.

Image Modification Rootkits

xxx

Runtime Patching Rootkits

xxx

Boot IOS Patching Rootkits

xxx

TCL Backdoors

Later versions of Cisco IOS contain a TCL script interpreter. This allows running scripts that bind to a TCP port, which presents a portable and easy way to implement a backdoor.
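Because such a script has to bind to a TCP port, a defender can look for it by comparing the router's listening TCP ports against an allowlist. The following is an added example, not part of the original wiki: the `show tcp brief all` column layout, the sample output and the allowlist are constructed assumptions.

```python
import re

# Constructed sample in the layout of IOS "show tcp brief all" output
# (assumed columns: TCB, local addr.port, foreign addr.port, state).
SAMPLE = """\
TCB       Local Address               Foreign Address             (state)
6523A4F0  192.0.2.1.22                198.51.100.7.51234          ESTAB
65239B10  *.22                        *.*                         LISTEN
6523C8A4  *.4444                      *.*                         LISTEN
6523D0C8  192.0.2.1.179               192.0.2.2.40211             ESTAB
"""

# Ports this router is expected to listen on (assumption: SSH only).
EXPECTED_LISTENERS = {22}

# A data row starts with a hex TCB address; the header row does not match.
ROW = re.compile(
    r"^(?P<tcb>[0-9A-Fa-f]+)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+(?P<state>\S+)$"
)

def split_endpoint(endpoint):
    """Split 'addr.port' (address and port joined by a dot) into (addr, port)."""
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port) if port.isdigit() else None

def listening_ports(output):
    """Return the set of local TCP ports in LISTEN state."""
    ports = set()
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group("state").upper() != "LISTEN":
            continue
        _, port = split_endpoint(m.group("local"))
        if port is not None:
            ports.add(port)
    return ports

def unexpected_listeners(output, expected=EXPECTED_LISTENERS):
    """Listeners that are not in the allowlist, sorted for stable reporting."""
    return sorted(listening_ports(output) - set(expected))

if __name__ == "__main__":
    for port in unexpected_listeners(SAMPLE):
        print(f"unexpected TCP listener on port {port}")
```

This check only sees what the device itself reports, so a port scan of the router from another host gives an independent view to compare against.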

Powered by ScrewTurn Wiki, provided by Recurity Labs GmbH.