Vulnerability Development mailing list archives

Re: news story and router passwords

From: Mark Teicher <mark.teicher () NETWORKICE COM>
Date: Thu, 12 Oct 2000 20:17:40 -0700

One can also utilize SNMP to grab pertinent information.


 "ipAdEntAddr[\$NODEIP]",
 "sysName",
 "ipAdEntNetMask[\$NODEIP]",
 "ipForwarding",
 "sysObjectID",
 "sysUpTime",
 "sysLocation",
 "sysDescr",

and re-configure routers without the password if SNMP is not setup
correctly.  But I don't know anything about SNMP.. :)

At 01:30 AM 10/13/00 +0800, Lincoln Yeoh wrote:

At 04:35 PM 10/12/00 +0200, Vitaly Osipov wrote:
>Hello all,
>
>I think everybody knows that media reporting on hackers and their tools is,
>ehm, very improper :)
>I've read one article recently
> http://www.denverpost.com/business/biz1012d.htm  ) in which it is clamed
>that some hacker after sniffing router password changed it and made
>*something* after that they were not able to recover that password. Have
>somebody heard of such problems (it looks like they were using cisco,

One possible scenario:
The hacker could have reflashed the router or its modules with a custom
firmware, or just zapped the firmware. This can make password recovery
impossible. Custom firmware would be much harder but more scary - because
if the hacker does it right, you won't even notice till really bad things
happen. Getting and changing the router firmware usually isn't that
difficult, understanding it enough to make interesting changes without
totally breaking stuff is a bit harder. The way to fix this would be to
reflash the affected components with a decent release.

If it's really a Cisco and they have a contract they could just contact
Cisco TAC to fix things for them, instead of being held to ransom by the
hacker. When a customer sent us a faulty obsolete Cisco access server - no
contract, no nothing, and they bought it from someone else(!), Cisco
actually sent a replacement for _free_[1] within a few days! Customer
happy, we happy, TAC people happy, and no bets on what router that customer
will be buying next....

Cheerio,
Link.

Current thread:

Netscape crashes, sec. bug? Sylvan Ravinet (Oct 10)
- Re: Netscape crashes, sec. bug? Erik Tayler (Oct 10)
  - Cisco 678 exploit George (Oct 11)
    - news story and router passwords Vitaly Osipov (Oct 12)
    - Re: news story and router passwords Talisker (Oct 12)
    - Re: news story and router passwords Mathias Wegner (Oct 13)
    - Re: news story and router passwords Ralph Moonen (Oct 12)
    - Re: news story and router passwords Lincoln Yeoh (Oct 12)
    - Re: news story and router passwords Mark Teicher (Oct 13)
    - Re: news story and router passwords Talisker (Oct 13)
    - Re: news story and router passwords Mark Teicher (Oct 14)
    - Re: news story and router passwords Talisker (Oct 14)
    - Re: news story and router passwords Mark Teicher (Oct 14)
    - Re: news story and router passwords Jim Duncan (Oct 13)
    - Re: Cisco 678 exploit Damir Rajnovic (Oct 12)
    - Re: Cisco 678 exploit Joe (Oct 12)
    - Re: Cisco 678 exploit Damir Rajnovic (Oct 12)
- Re: Netscape crashes, sec. bug? Colin Phipps (Oct 11)
- <Possible follow-ups>
- Re: Netscape crashes, sec. bug? Bob Dog (Oct 11)