Security Incidents mailing list archives
Re: ckcool?
From: Mike Shaw <mshaw () wwisp com>
Date: Wed, 20 Feb 2002 16:51:47 -0600
What I've seen plenty of is extremely poor password policy. This is a general rule of all cable/dsl modems.
It's possible and highly likely that the password was:
a) blank
b) "password", "pass123", part of the mac address host name, etc.
c) shared on some other cracked system
The other thing is that most of the cable/dsl modems out there are very brute forcible via telnet and/or http using something like brutus (http://www.hoobie.net/brutus/).
It's possible that there is some sort of exploit against the box (snmp? Poor html interface security?), but many many cable/dsl modems out there are just poorly set up.
-Mike
While on the subject.
At 08:45 AM 2/19/2002 -0600, Bob Maccione wrote:
I have a friend that got hacked running linux. Luckily it's an immature enough hack that the mess left behind told me what happened. In this case a user was created called 'ckcool' and then a rootkit was thrown down. I'm going to get the disk from him to see what all was done but one thing puzzled me. It seems that the password on the Linksys firewall/router was also changed.
Has anyone seen/heard of any vulnerabilities in the Linksys Cable/DSL router/firewalls?
thanks
bob
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com