Thomas, Sorry to hear about the router...Rest of my reply is in-line... On Thu, 25 Apr 2002, Thomas Springer wrote: >Obviously, one of our external cisco-devices with default-password set was >compromised: > >Anybody knows a script/scanner doing this stuff? Haven't heard of one specifically for Cisco routers - but the ole port scan for tcp/23 works wonders. Then using any number of scripts to grab service banners. Such scripts can be found at packetstorm, neworder, and many other places. Links: http://www.packetstormsecurity.com http://neworder.box.sk (possible pr0n popup...view in private) >I know tools like CScan, but none of them changes password and logon-message. >And anybody has a clue about the password?? (it was, yeah, 'cisco' - but >the hacker changed it...) Time for some password recovery... http://www.cisco.com/warp/public/474/ It's a pretty painless process. Good luck on the router. -gordo ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 09:51:11 PDT