Security Incidents mailing list archives
Re: compromised cisco
From: <jlewis () lewis org>
Date: Thu, 25 Apr 2002 12:25:53 -0400 (EDT)
On Thu, 25 Apr 2002, Thomas Springer wrote:
Obviously, one of our external cisco-devices with default-password set was compromised: Anybody knows a script/scanner doing this stuff? I know tools like CScan, but none of them changes password and logon-message. And anybody has a clue about the password?? (it was, yeah, 'cisco' - but the hacker changed it...)
I didn't think there were 'default passwords' on most Cisco gear. Someone is running a scanner testing routers for easy passwords, and when they get in, they lock you out? That's definitely not nice. Perhaps you have syslog enabled and at least know where the access came from? You're probably going to need console access so you can do 'password recovery'. If you search for 'password recovery' at cio.cisco.com, you'll find instructions for breaking back into just about everything Cisco makes. -- ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- compromised cisco Thomas Springer (Apr 25)
- Re: compromised cisco jlewis (Apr 25)
- Re: compromised cisco Gordon Ewasiuk (Apr 25)
- Re: compromised cisco george johnson (Apr 25)