There are not any vulnerabilities that I know of. He probably had that server set as a 'DMZ server', which, in Linksys terms, means that it is completely open to the Internet. Were I to hazard a guess, it was probably changed from the inside. Do you know if he had the default password set, or remote administration enabled?

James

> -----Original Message-----
> From: Bob Maccione [mailto:Bob_Maccioneat_private]
> Sent: Tuesday, February 19, 2002 8:45 AM
> To: 'incidentsat_private'
> Subject: ckcool?
>
> I have a friend that got hacked running Linux. Luckily it's an immature
> enough hack that the mess left behind told me what happened. In this case a
> user was created called 'ckcool' and then a rootkit was thrown down. I'm
> going to get the disk from him to see what all was done but one thing
> puzzled me. It seems that the password on the Linksys firewall/router was
> also changed.
>
> Has anyone seen/heard of any vulnerabilities in the Linksys Cable/DSL
> router/firewalls?
>
> thanks
> bob
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service. For more
> information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Feb 22 2002 - 16:36:56 PST