Security Incidents mailing list archives

Fw: ckcool?


From: "James" <jlotts () gte net>
Date: Wed, 20 Feb 2002 16:33:37 -0600

There are not any vulnerabilities that I know of.  He probably had that
server set as a 'DMZ server', which in Linksys terms, means that it is
completely open to the Internet.  Were I to hazard a guess, it was probably
changed from the inside.  Do you know if he had the default password set, or
remote administration enabled?

James

-----Original Message-----
From: Bob Maccione [mailto:Bob_Maccione () hilton com]
Sent: Tuesday, February 19, 2002 8:45 AM
To: 'incidents () securityfocus com'
Subject: ckcool?


I have a friend that got hacked running Linux.  Luckily it's an immature
enough hack that the mess left behind told me what happened.  In this case
a user was created called 'ckcool' and then a rootkit was thrown down.  I'm
going to get the disk from him to see what all was done but one thing
puzzled me.  It seems that the password on the Linksys firewall/router was
also changed.

Has anyone seen/heard of any vulnerabilities in the Linksys Cable/DSL
router/firewalls?

thanks
bob


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more
information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




