

Update on the Slicehost STL-A outage recently (DC routers got owned) - baconhigh
http://forum.slicehost.com/comments.php?DiscussionID=5327&page=1#Comment_27103

======
jtchang
Wow, that's bad. When someone has full control of your routers you can never be
sure what they made off with. Remember that not everything is secured with
TLS/SSL. Heck, think about all the traffic that is unencrypted that isn't HTTP.
Someone exploiting the management port of IOS could conceivably just log all
data and review at their leisure. Wiping IOS was most likely to cover their
tracks.

~~~
InclinedPlane
The simplistic conclusion is to blame it on people hacking for lols. The more
troubling thought is that someone malicious and methodical had taken control
of their routers secretly for an unknown amount of time and only caused damage
when they thought they'd got enough of what they wanted or were in danger of
being found out.

As you say, that second rabbit hole could go pretty deep.

------
jimfl
What frightens me even more than Luke taking the edge routers to Anchorhead
is this phrase: "When we received alerts and reports from customers, our
operations team began to check our infrastructure." which suggests that they
didn't have monitoring in place that could detect and alert on even such a
coarse-grained event.

