Re: login attempt admin/password

[Seth <sethsec () gmail com>]

Do you have any NetGear Routers deployed at your site?
If so, does username=admin & password=password?

If either one of those answers is no, then you are not vulnerable to
that attack.  If you do have a netgear router, but you have changed
the default username or password, you are not vulnerable to that
attack.  This alert is just telling you that someone tried to log with
admin/password.  It does not tell you if the person stopped at that
attempt, or then attempted another 1000 username/password
combinations.

If you do have a NetGear router, I would recommend restricting access
to it to only the IP's that need to get to it using a host or network
based firewall, or both.

Regards,

Seth

On 8 Dec 2007 08:51:37 -0000, <tyrian2uk () yahoo co uk> wrote:
> WEB-INSC NetGear router Default password login attempt admin/password
>
>
> i see this signature detect by IDS
>
> how do i check if it is a threat or not ?
>
>
> external ip:1710 -> internal IP:80
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------