On thing I find odd is<p><i>"JETPLOW is a persistent implant of EPICBANANA. Digitally signed Cisco software is signed using secure asymmetrical (public-key) cryptography in newer platforms prevents these types of attacks. The purpose of digitally signed Cisco software is to increase the security posture of Cisco ASA devices by ensuring that the software running on the system has not been tampered with and originated from a trusted source as claimed."</i><p>They claim that the implant is digitally signed, then they say that it shouldn't work because Cisco software is digitally signed also, and it's verified by the Cisco Secure Boot.<p>Isn't that a bit contradictory? sure they might have had flaws in their verification process (we've seen signature verifications that were nothing more than "is this a signed message" before) but since Cisco verifies the signature properly (as you haven't been able to binary patch Cisco boot images for 5+ years) doesn't this implies that the NSA got a hold of the signing keys used by Cisco or an authorized 3rd party?
re: EXTRABACON<p>If you have SNMP listening on a public ipv4/ipv6 interface of a firewall (I don't care if it's an EOL/EOS PIX or not), you have done something fundamentally wrong from the start. As a network engineer seeing something like this in a business customer's equipment would cause me to seriously reconsider all other decisions/security configurations made by a predecessor or third party contractor.