Security Incidents mailing list archives
Re: compromised cisco
From: Gordon Ewasiuk <gewasiuk () gnmc net>
Date: Thu, 25 Apr 2002 12:45:51 -0400 (EDT)
Thomas, Sorry to hear about the router...Rest of my reply is in-line... On Thu, 25 Apr 2002, Thomas Springer wrote:
Obviously, one of our external cisco-devices with default-password set was compromised: Anybody knows a script/scanner doing this stuff?
Haven't heard of one specifically for Cisco routers - but the ole port scan for tcp/23 works wonders. Then using any number of scripts to grab service banners. Such scripts can be found at packetstorm, neworder, and many other places. Links: http://www.packetstormsecurity.com http://neworder.box.sk (possible pr0n popup...view in private)
I know tools like CScan, but none of them changes password and logon-message. And anybody has a clue about the password?? (it was, yeah, 'cisco' - but the hacker changed it...)
Time for some password recovery... http://www.cisco.com/warp/public/474/ It's a pretty painless process. Good luck on the router. -gordo ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- compromised cisco Thomas Springer (Apr 25)
- Re: compromised cisco jlewis (Apr 25)
- Re: compromised cisco Gordon Ewasiuk (Apr 25)
- Re: compromised cisco george johnson (Apr 25)