
Juniper backdoor explanation

A simple explanation of a backdoor

Irshaad Abdool contacted us concerning the Juniper vulnerability. Unfortunately, reverse engineering a firmware image and explaining assembly code doesn't cut it for a lot of the young IT folks :)

The vulnerability

A strcmp() call was inserted. strcmp() is used for string comparisons: if the comparison succeeds, you can proceed; if not, you are denied. In this particular case, the call was inserted right before the normal authentication for SSH (or telnet). So you had your normal login, which went through the normal SSH (and telnet) code, but right before that, you had a special user that could log in and bypass the normal SSH and telnet login. In summary, that's how this vulnerability works.
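The inserted check described above, sketched in C as an added example (not Juniper's code and not from the original post), next to the clean path and a defender-side check that exposes the bypass. The account table, the placeholder special user name, the candidate string list and the `find_bypass` helper are all constructed for illustration; comparing the user name follows the post's description.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed account table; a real device would store hashes, not plaintext. */
struct account { const char *user; const char *pass; };
static const struct account ACCOUNTS[] = { { "admin", "correct-horse" }, { "operator", "battery-staple" } };
#define N_ACCOUNTS (sizeof ACCOUNTS / sizeof ACCOUNTS[0])

/* Normal login path: the user must exist and the password must match. */
static int normal_auth(const char *user, const char *pass)
{
    for (size_t i = 0; i < N_ACCOUNTS; i++)
        if (strcmp(user, ACCOUNTS[i].user) == 0)
            return strcmp(pass, ACCOUNTS[i].pass) == 0;
    return 0;
}

/* Backdoored entry point: one strcmp() inserted ahead of the normal path. */
int auth_backdoored(const char *user, const char *pass)
{
    if (strcmp(user, "PLACEHOLDER-SPECIAL-USER") == 0) /* strcmp() returns 0 on a match */
        return 1;                                      /* password is never checked */
    return normal_auth(user, pass);
}

/* Clean entry point: every login goes through the account table. */
int auth_clean(const char *user, const char *pass) { return normal_auth(user, pass); }

/* Defender check: try each candidate as a user name with a password no account
 * has. Returns the index of the first candidate accepted, or -1 if none is. */
int find_bypass(int (*auth)(const char *, const char *),
                const char *const *candidates, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (auth(candidates[i], "no-account-uses-this"))
            return (int)i;
    return -1;
}

/* Constructed stand-in for strings pulled out of a firmware image. */
const char *const CANDIDATES[] = { "admin", "%s: login failed", "PLACEHOLDER-SPECIAL-USER", "operator" };
const size_t N_CANDIDATES = sizeof CANDIDATES / sizeof CANDIDATES[0];

int main(void)
{
    printf("backdoored: %d, clean: %d\n", find_bypass(auth_backdoored, CANDIDATES, N_CANDIDATES),
           find_bypass(auth_clean, CANDIDATES, N_CANDIDATES));
    return 0;
}
```

A string that authenticates without a matching account is the signal to look for; the clean path returns -1 for the same candidate list.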

If you have any questions, please send them to us :)

Belgacom & the Juniper backdoor in Mauritius

Juniper Security vulnerability

After Ajay Ramjatan talked about Juniper's latest vulnerability, we decided to dig further to find out which critical infrastructure in Mauritius relies on the affected Juniper series. To make it simple, it's an "authorized code that allows someone to remotely decrypt VPN traffic".

Belgacom in Mauritius

Belgacom is present in Mauritius and sells bandwidth to various ISPs. It obtained its license in 2012. According to Frederic Jacobs' analysis on gist, Belgacom is affected by this vulnerability. The question we would like Belgacom to answer is how much of the Internet traffic from Mauritius is going through vulnerable Juniper equipment. While looking for a Twitter account for the Mauritian branch, we found none. So we decided to ask Belgacom's main branch, in the hope that they can explain to us what the impact on the Internet in Mauritius is. Our tweet: here.

Let's see where this leads :)