On Thu, 25 Apr 2002, Thomas Springer wrote: > Obviously, one of our external cisco-devices with default-password set was > compromised: > > Anybody knows a script/scanner doing this stuff? > I know tools like CScan, but none of them changes password and logon-message. > And anybody has a clue about the password?? (it was, yeah, 'cisco' - but > the hacker changed it...) I didn't think there were 'default passwords' on most Cisco gear. Someone is running a scanner testing routers for easy passwords, and when they get in, they lock you out? That's definitely not nice. Perhaps you have syslog enabled and at least know where the access came from? You're probably going to need console access so you can do 'password recovery'. If you search for 'password recovery' at cio.cisco.com, you'll find instructions for breaking back into just about everything Cisco makes. -- ---------------------------------------------------------------------- Jon Lewis *jlewisat_private*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 09:38:05 PDT