From: Mike Shaw (mshaw wwisp.com)
Date: Wed Feb 20 2002 - 16:51:47 CST
What I've seen plenty of is extremely poor password policy. This is a
general rule of all cable/dsl modems.
It's possible and highly likely that the password was:
a) blank
b) "password", "pass123", part of the mac address host name, etc.
c) shared on some other cracked system
The other thing is that most of the cable/dsl modems out there are very
brute forcible via telnet and/or http using something like brutus
(http://www.hoobie.net/brutus/).
It's possible that there is some sort of exploit against the box (snmp?
Poor html interface security?), but many many cable/dsl modems out there
are just poorly set up.
-Mike
While on the subject.
At 08:45 AM 2/19/2002 -0600, Bob Maccione wrote:
>I have a friend that got hacked running linux. Luckily it's an immature
>enough hack that the mess left behind told me what happened. In this case a
>user was created called 'ckcool' and then a rootkit was thrown down. I'm
>going to get the disk from him to see what all was done but one thing
>puzzled me. It seems that the password on the Linksys firewall/router was
>also changed.
>
>Has anyone seen/heard of any vulnerabilities in the Linksys Cable/DSL
>router/firewalls?
>
>thanks
>bob
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com