From: Mike Shaw (mshawwwisp.com)
Date: Wed Feb 20 2002 - 16:51:47 CST


    What I've seen plenty of is extremely poor password policy. This is a
    general rule of all cable/dsl modems.

    It's possible and highly likely that the password was:
    a) blank
    b) "password", "pass123", part of the mac address host name, etc.
    c) shared on some other cracked system

    The other thing is that most of the cable/dsl modems out there are very
    brute forcible via telnet and/or http using something like brutus
    (http://www.hoobie.net/brutus/).

    It's possible that there is some sort of exploit against the box (snmp?
    Poor html interface security?), but many many cable/dsl modems out there
    are just poorly set up.

    -Mike

    While on the subject.
    At 08:45 AM 2/19/2002 -0600, Bob Maccione wrote:
    >I have a friend that got hacked running linux. Luckily it's an immature
    >enough hack that the mess left behind told me what happened. In this case a
    >user was created called 'ckcool' and then a rootkit was thrown down. I'm
    >going to get the disk from him to see what all was done but one thing
    >puzzled me. It seems that the password on the Linksys firewall/router was
    >also changed.
    >
    >Has anyone seen/heard of any vulnerabilities in the Linksys Cable/DSL
    >router/firewalls?
    >
    >thanks
    >bob
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management
    >and tracking system please see: http://aris.securityfocus.com
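
The weak-password cases listed in the reply above (blank, a common default, a value taken from the MAC address or host name, or one shared with another system), written as an audit check an administrator could run against a router's admin password. This is an added example, not part of the original thread; the function name, the extra entries in the default list and the sample MAC and host values are assumptions constructed for illustration.

```python
import re

# "password" and "pass123" come from the post; the other entries are assumed
# additions of the same kind (constructed list, extend for your own devices).
COMMON_DEFAULTS = {"password", "pass123", "admin", "1234", "default"}


def _norm(value):
    """Lower-case and keep only letters and digits, so '02:00:5E' -> '02005e'."""
    return re.sub(r"[^0-9a-z]", "", value.lower())


def weak_password_reasons(password, mac="", hostname="", known_elsewhere=()):
    """Return the reasons a device admin password matches the post's weak cases.

    An empty list means none of the checks fired; it does not prove strength.
    """
    if password == "":
        return ["blank"]
    reasons = []
    p = _norm(password)
    if password.lower() in COMMON_DEFAULTS:
        reasons.append("common default")
    # Any run of 4 consecutive hex digits of the MAC inside the password.
    mac_hex = _norm(mac)
    if any(mac_hex[i:i + 4] in p for i in range(len(mac_hex) - 3)):
        reasons.append("derived from MAC address")
    # Host name contained in the password, or the password is a piece of it.
    host = _norm(hostname)
    if len(host) >= 3 and (host in p or (len(p) >= 4 and p in host)):
        reasons.append("derived from host name")
    # Case (c): the same password is already in use on another system.
    if password in known_elsewhere:
        reasons.append("shared with another system")
    return reasons


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    for candidate in ["", "pass123", "router3A9F", "homegw2002"]:
        print(repr(candidate), weak_password_reasons(
            candidate, mac="02:00:5E:10:3A:9F", hostname="home-gw"))
```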
