Thomas, there is a very nice pub. put out by NSA titled Router Security and Configuration Guide. The authors write pointedly at cisco devices. check it out at W2KGuidesat_private we have all been there at one time or another... george. ----- Original Message ----- From: "Thomas Springer" <tuevat_private> To: <incidentsat_private> Sent: Thursday, April 25, 2002 7:08 AM Subject: compromised cisco | Obviously, one of our external cisco-devices with default-password set was | compromised: | | telnet cisco.customer.xx | Trying a.b.c.d... | Connected to a.b.c.d. | Escape character is '^]'. | | Compromised | Please don't use default passwords | | User Access Verification | | Password: | | Anybody knows a script/scanner doing this stuff? | I know tools like CScan, but none of them changes password and logon-message. | And anybody has a clue about the password?? (it was, yeah, 'cisco' - but | the hacker changed it...) | | | | Thomas Springer | | | -------------------------------------------------------------------------- -- | This list is provided by the SecurityFocus ARIS analyzer service. | For more information on this free incident handling, management | and tracking system please see: http://aris.securityfocus.com | | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 12:43:45 PDT