Security Incidents mailing list archives
Fw: ckcool?
From: "James" <jlotts () gte net>
Date: Wed, 20 Feb 2002 16:33:37 -0600
There are not any vulnerabilities that I know of. He probably had that server set as a 'DMZ server', which, in Linksys terms, means that it is completely open to the Internet. Were I to hazard a guess, it was probably changed from the inside. Do you know if he had the default password set, or remote administration enabled?

James
-----Original Message-----
From: Bob Maccione [mailto:Bob_Maccione () hilton com]
Sent: Tuesday, February 19, 2002 8:45 AM
To: 'incidents () securityfocus com'
Subject: ckcool?

I have a friend that got hacked running Linux. Luckily it's an immature enough hack that the mess left behind told me what happened. In this case a user was created called 'ckcool' and then a rootkit was thrown down. I'm going to get the disk from him to see what all was done but one thing puzzled me. It seems that the password on the Linksys firewall/router was also changed. Has anyone seen/heard of any vulnerabilities in the Linksys Cable/DSL router/firewalls?

thanks
bob
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ckcool? Bob Maccione (Feb 20)
- Re: ckcool? Johan Denoyer (Feb 22)
- Re: ckcool? Chris Wilkes (Feb 22)
- <Possible follow-ups>
- Re: ckcool? Mike Shaw (Feb 22)
- RE: ckcool? Bob Maccione (Feb 22)
- Fw: ckcool? James (Feb 22)