Re: news story and router passwords

[Lincoln Yeoh <lyeoh () POP JARING MY>]

At 04:35 PM 10/12/00 +0200, Vitaly Osipov wrote:
> Hello all,
>
> I think everybody knows that media reporting on hackers and their tools is,
> ehm, very improper :)
> I've read one article recently
> http://www.denverpost.com/business/biz1012d.htm  ) in which it is clamed
> that some hacker after sniffing router password changed it and made
> *something* after that they were not able to recover that password. Have
> somebody heard of such problems (it looks like they were using cisco,

One possible scenario:
The hacker could have reflashed the router or its modules with a custom
firmware, or just zapped the firmware. This can make password recovery
impossible. Custom firmware would be much harder but more scary - because
if the hacker does it right, you won't even notice till really bad things
happen. Getting and changing the router firmware usually isn't that
difficult, understanding it enough to make interesting changes without
totally breaking stuff is a bit harder. The way to fix this would be to
reflash the affected components with a decent release.

If it's really a Cisco and they have a contract they could just contact
Cisco TAC to fix things for them, instead of being held to ransom by the
hacker. When a customer sent us a faulty obsolete Cisco access server - no
contract, no nothing, and they bought it from someone else(!), Cisco
actually sent a replacement for _free_[1] within a few days! Customer
happy, we happy, TAC people happy, and no bets on what router that customer
will be buying next....

Cheerio,
Link.