Re: compromised cisco

From: Gordon Ewasiuk (gewasiukat_private)
Date: Thu Apr 25 2002 - 09:45:51 PDT

  • Next message: george johnson: "Re: compromised cisco"

    Thomas,
    
    Sorry to hear about the router...Rest of my reply is in-line...
    
    On Thu, 25 Apr 2002, Thomas Springer wrote:
    
    >Obviously, one of our external cisco-devices with default-password set was
    >compromised:
    >
    >Anybody knows a script/scanner doing this stuff?
    
    Haven't heard of one specifically for Cisco routers - but the ole port
    scan for tcp/23 works wonders.  Then using any number of scripts to grab
    service banners.  Such scripts can be found at packetstorm, neworder, and
    many other places.  Links:
    
    http://www.packetstormsecurity.com
    http://neworder.box.sk   (possible pr0n popup...view in private)
    
    >I know tools like CScan, but none of them changes password and logon-message.
    >And anybody has a clue about the password?? (it was, yeah, 'cisco' - but
    >the hacker changed it...)
    
    Time for some password recovery...
    
    http://www.cisco.com/warp/public/474/
    
    It's a pretty painless process.  
    
    Good luck on the router.
    
    -gordo
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 09:51:11 PDT