What I've seen plenty of is extremely poor password policy. This is a general rule of all cable/dsl modems. It's possible and highly likely that the password was:

a) blank
b) "password", "pass123", part of the mac address host name, etc.
c) shared on some other cracked system

The other thing is that most of the cable/dsl modems out there are very brute forcible via telnet and/or http using something like brutus (http://www.hoobie.net/brutus/). It's possible that there is some sort of exploit against the box (snmp? Poor html interface security?), but many many cable/dsl modems out there are just poorly set up.

-Mike

While on the subject.

At 08:45 AM 2/19/2002 -0600, Bob Maccione wrote:
>I have a friend that got hacked running linux. Luckily it's an immature
>enough hack that the mess left behind told me what happened. In this case a
>user was created called 'ckcool' and then a rootkit was thrown down. I'm
>going to get the disk from him to see what all was done but one thing
>puzzled me. It seems that the password on the Linksys firewall/router was
>also changed.
>
>Has anyone seen/heard of any vulnerabilities in the Linksys Cable/DSL
>router/firewalls?
>
>thanks
>bob
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
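An added example, not part of either post: a small audit check a defender could run against the admin password configured on a cable/DSL router, flagging the three weaknesses listed in the reply above (blank, common or derived from the MAC address or host name, shared with another system). The function name, the common-password sample and all input values are assumptions made for illustration.

```python
import re

# Constructed sample list; "password" and "pass123" come from the post,
# the rest are illustrative. Extend it from your own audit wordlist.
COMMON = {"password", "pass123", "admin", "123456", "changeme"}


def _norm(value):
    """Lower-case and drop separators so 00:0C:41:AA:BB:CC matches 000c41aabbcc."""
    return re.sub(r"[^0-9a-z]", "", value.lower())


def audit_password(password, mac="", hostname="", other_passwords=()):
    """Return the reasons a router admin password is weak (empty list = no finding).

    other_passwords: passwords known to be used on other systems owned by the
    same admin, supplied by the auditor (hypothetical input).
    """
    pw = password.strip()
    if not pw:
        return ["blank"]

    findings = []
    if pw.lower() in COMMON:
        findings.append("common-or-default")

    pw_n, mac_n, host_n = _norm(pw), _norm(mac), _norm(hostname)

    # Any three consecutive octets (6 hex digits) of the MAC inside the password.
    if len(mac_n) == 12 and any(mac_n[i:i + 6] in pw_n for i in range(7)):
        findings.append("derived-from-mac")

    # Host name embedded in the password; very short names are skipped
    # to avoid matching by accident.
    if len(host_n) >= 4 and host_n in pw_n:
        findings.append("derived-from-hostname")

    # Same secret reused elsewhere: one compromised box exposes the router too.
    if password in other_passwords:
        findings.append("reused-on-other-system")

    return findings
```
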
This archive was generated by hypermail 2b30 : Fri Feb 22 2002 - 13:54:08 PST