nanog mailing list archives
Re: Cisco Routers Vulnerability
From: Nick Hilliard <nick () foobar org>
Date: Mon, 13 Apr 2015 23:55:23 +0200
On 13/04/2015 23:48, Rashed Alwarrag wrote:
It's reported by different customers in different locations so I don't think it's password compromised
Have you checked? If the routers had vty access open (ssh or telnet) and the passwords were easy to guess, then it's more likely that this was a password compromise. You can test this out by getting a copy of one of the configs and decrypting the access password. Or by asking your customers whether their passwords were dictionary or simple words. It's possible that there was a remotely accessible vulnerability, but ios isn't known for this. Nick
Current thread:
- Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Christopher Morrow (Apr 13)
- Re: Cisco Routers Vulnerability John Schiel (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability John Schiel (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Nick Hilliard (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Nick Hilliard (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability George Herbert (Apr 13)
- RE: Cisco Routers Vulnerability Keith Medcalf (Apr 13)
- Re: Cisco Routers Vulnerability Doug McIntyre (Apr 19)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Alain Hebert (Apr 14)