Security Incidents mailing list archives

compromised cisco

From: Thomas Springer <tuev () serveraudit net>
Date: Thu, 25 Apr 2002 13:08:46 +0200

Obviously, one of our external cisco-devices with default-password set was
compromised:

        telnet cisco.customer.xx
        Trying a.b.c.d...
        Connected to a.b.c.d.
        Escape character is '^]'.

        Compromised
        Please don't use default passwords

        User Access Verification

        Password:

Anybody knows a script/scanner doing this stuff?
I know tools like CScan, but none of them changes password and logon-message.
And anybody has a clue about the password?? (it was, yeah, 'cisco' - but
the hacker changed it...)



Thomas Springer


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

compromised cisco Thomas Springer (Apr 25)
- Re: compromised cisco jlewis (Apr 25)
- Re: compromised cisco Gordon Ewasiuk (Apr 25)
- Re: compromised cisco george johnson (Apr 25)