Security Incidents mailing list archives

Re: compromised cisco


From: "george johnson" <george.johnson () caci-nsg com>
Date: Thu, 25 Apr 2002 13:24:37 -0400

Thomas, there is a very nice pub. put out by NSA titled Router Security and
Configuration Guide.  The authors write pointedly at Cisco devices.  Check
it out at  W2KGuides () nsa gov....

We have all been there at one time or another...

george.
----- Original Message -----
From: "Thomas Springer" <tuev () serveraudit net>
To: <incidents () securityfocus com>
Sent: Thursday, April 25, 2002 7:08 AM
Subject: compromised cisco


| Obviously, one of our external cisco-devices with default-password set was
| compromised:
|
| telnet cisco.customer.xx
| Trying a.b.c.d...
| Connected to a.b.c.d.
| Escape character is '^]'.
|
| Compromised
| Please don't use default passwords
|
| User Access Verification
|
| Password:
|
| Does anybody know a script/scanner doing this stuff?
| I know tools like CScan, but none of them changes password and
| logon-message.
| And does anybody have a clue about the password?? (it was, yeah, 'cisco' - but
| the hacker changed it...)
|
|
|
| Thomas Springer
|
|
| ----------------------------------------------------------------------------
| This list is provided by the SecurityFocus ARIS analyzer service.
| For more information on this free incident handling, management
| and tracking system please see: http://aris.securityfocus.com
|
|

