Security Incidents mailing list archives
Re: compromised cisco
From: "george johnson" <george.johnson () caci-nsg com>
Date: Thu, 25 Apr 2002 13:24:37 -0400
Thomas, there is a very nice pub. put out by NSA titled Router Security and Configuration Guide. The authors write pointedly at cisco devices. check it out at W2KGuides () nsa gov.... we have all been there at one time or another... george. ----- Original Message ----- From: "Thomas Springer" <tuev () serveraudit net> To: <incidents () securityfocus com> Sent: Thursday, April 25, 2002 7:08 AM Subject: compromised cisco | Obviously, one of our external cisco-devices with default-password set was | compromised: | | telnet cisco.customer.xx | Trying a.b.c.d... | Connected to a.b.c.d. | Escape character is '^]'. | | Compromised | Please don't use default passwords | | User Access Verification | | Password: | | Anybody knows a script/scanner doing this stuff? | I know tools like CScan, but none of them changes password and logon-message. | And anybody has a clue about the password?? (it was, yeah, 'cisco' - but | the hacker changed it...) | | | | Thomas Springer | | | -------------------------------------------------------------------------- -- | This list is provided by the SecurityFocus ARIS analyzer service. | For more information on this free incident handling, management | and tracking system please see: http://aris.securityfocus.com | | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- compromised cisco Thomas Springer (Apr 25)
- Re: compromised cisco jlewis (Apr 25)
- Re: compromised cisco Gordon Ewasiuk (Apr 25)
- Re: compromised cisco george johnson (Apr 25)