Re: compromised cisco

From: george johnson (george.johnson@caci-nsg.com)
Date: Thu Apr 25 2002 - 10:24:37 PDT


    Thomas, there is a very nice pub. put out by NSA titled Router Security and
    Configuration Guide.  The authors write pointedly at Cisco devices.  Check
    it out at  W2KGuidesat_private
    
    We have all been there at one time or another...
    
    george.
    ----- Original Message -----
    From: "Thomas Springer" <tuevat_private>
    To: <incidentsat_private>
    Sent: Thursday, April 25, 2002 7:08 AM
    Subject: compromised cisco
    
    
    | Obviously, one of our external cisco-devices with default-password set was
    | compromised:
    |
    | telnet cisco.customer.xx
    | Trying a.b.c.d...
    | Connected to a.b.c.d.
    | Escape character is '^]'.
    |
    | Compromised
    | Please don't use default passwords
    |
    | User Access Verification
    |
    | Password:
    |
    | Does anybody know a script/scanner doing this stuff?
    | I know tools like CScan, but none of them changes password and
    | logon-message.
    | And does anybody have a clue about the password?? (it was, yeah, 'cisco' - but
    | the hacker changed it...)
    |
    |
    |
    | Thomas Springer
    |
    |
    | ----------------------------------------------------------------------------
    | This list is provided by the SecurityFocus ARIS analyzer service.
    | For more information on this free incident handling, management
    | and tracking system please see: http://aris.securityfocus.com
    |
    |
    
    
    



    This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 12:43:45 PDT