Security Basics mailing list archives

RE: What to do if Cisco router & switches got hacked ?


From: "Dan Bartley" <bartleyd () corp netcarrier com>
Date: Mon, 5 Jan 2004 12:08:12 -0500

As far as the ISP part, no it is not their job to secure or provide free
consulting for a router you own and manage. You pay them for Internet
Access which is what they are providing.

Some offer paid consulting services for security, some don't. Some have
various managed security offerings and some don't. However, you still
pay for service. Most are glad to help with minor home PC issues though.

Best Regards, 

Dan Bartley


-----Original Message-----
From: Jimi Thompson [mailto:jimit () myrealbox com] 
Sent: Saturday, January 03, 2004 01:27
To: yfs us
Cc: security-basics () securityfocus com
Subject: Re: What to do if Cisco router & switches got hacked ?

First off,

You should probably be configuring your Cisco devices to use RADIUS and 
some sort of token for authentication to keep from getting hacked.  
Cisco IOS's weakest point is probably it's authentication.  You should 
also be patching your IOS and checking your configuration.  Since IBM 
seems to be handling your problem for you, why don't you ask them?  
ISP's don't typically help you hunt a hacker, so they don't seem to be 
out of line on this.  Your odds of finding the person who did this a 
very small.  Yes, you need good qualifications to go hacker hunting.  1)

"real" hackers don't like to be hunted and tend to make life difficult 
for those that hunt them and 2) they are usually good enough to be very 
difficult to trace.  Even script kiddies can be quite difficult to
trace.

HTH,

Jimi

yfs us wrote:

Hi All,

      Just want to find out does anyone here came
across
the cisco switches & router got hacked. I'm not sure
which
one actually got hacked coz I'm not a security expert.
I do
notice that sometime my switches & router refuse to
accept
connection. But when I change to a new want every
things
work fine. 
      I do ask the IBM technical support & they told
me that
it was hacked. So now once a week I need to call the
IBM
support to fix it. They usually replace it. I'm
wondering
how do I prevent these in the future. 
     Besides these I too like to know how do I track
the 
hacker ? I had mail my ISP & they reply please go & 
hire a security expert with a good qualification. Is
these
what one usually get if they need help from the ISP ?
It looks
like the ISP suck or they r the one who did it. Or
time to change
ISP.
    Does one really need to have a good qualification
to hunt
the hacker ? As far as I know everyone is a hacker the
only
different is some is good & some is lousy coz hacker r
not
born they too go thru a pain in the ass experince b4
they 
really call them self a elite haxor. 

   All help r welcome.

Cheers

__________________________________
Do you Yahoo!?
Find out what made the Top Yahoo! Searches of 2003
http://search.yahoo.com/top2003

-----------------------------------------------------------------------
----
-----------------------------------------------------------------------
-----



 



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
----------------------------------------------------------------------------


Current thread: