CISCO IOS Rookits are da bomb
Sebastian Muñiz also known as “topo” who worked hard on creating the first public IOS Rookit, which among several things is platform independent, has now created a blog named “Ret2Libc - REVERSE ENGINEERING AND RELATED”
He mentions a document disclosed by CISCO in response to his presentation on IOS rootkits (the one he also gave at EuSecWest 2008) which includes several security measures administrators can take to protect their routers.
Take a look at the blog right here: http://ret2libc.blogspot.com/
Later,