[179431] in North American Network Operators' Group
Re: Cisco Routers Vulnerability
daemon@ATHENA.MIT.EDU (Rashed Alwarrag)
Mon Apr 13 18:06:05 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <552C3B4B.9010804@foobar.org>
Date: Tue, 14 Apr 2015 00:59:33 +0300
From: Rashed Alwarrag <rali.ahmed@gmail.com>
To: Nick Hilliard <nick@foobar.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I still don't have full information from them, as it has been reported by
different customers and all at almost the same time. I am trying to get
some information about it. I was just checking whether a known
vulnerability has been announced recently regarding this.
Thank you guys
On Tuesday, April 14, 2015, Nick Hilliard <nick@foobar.org> wrote:
> On 13/04/2015 23:48, Rashed Alwarrag wrote:
> > It's reported by different customers in different locations so I don't
> > think it's password compromised
>
> Have you checked? If the routers had vty access open (ssh or telnet) and
> the passwords were easy to guess, then it's more likely that this was a
> password compromise. You can test this out by getting a copy of one of the
> configs and decrypting the access password. Or by asking your customers
> whether their passwords were dictionary or simple words.
>
> It's possible that there was a remotely accessible vulnerability, but IOS
> isn't known for this.
>
> Nick
--
*Rashed Alwarrag *
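
The check suggested in the quoted reply (was vty access open, and were the passwords weak or weakly stored) can be run as a read-only audit over a saved copy of a router config. The following is an added example, not part of the original thread: the sample config, its addresses and its secrets are constructed placeholders, and the script only flags explicit `transport input` settings because the default differs between IOS releases.

```python
import re

# Constructed sample config for illustration (dummy secrets, TEST-NET addresses).
SAMPLE_CONFIG = """\
hostname cpe-example
enable password cisco
username admin password 7 0000000000
username ops secret 5 $1$xxxx$xxxxxxxxxxxxxxxxxxxxxx
access-list 10 permit 192.0.2.0 0.0.0.255
line con 0
 password 7 0000000000
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 login local
 transport input ssh
"""

CRED = re.compile(r"\s*(enable password|username \S+ password|password)\s+(?:(\d)\s+)?\S+")
VTY = re.compile(r"line vty \d+(?: \d+)?")

def audit_config(text):
    """Return sorted (line_no, finding) tuples for weak credential storage and exposed vty lines."""
    findings, vty = [], None

    def close_vty():  # called when a vty block ends; reports a missing inbound ACL
        if vty and not vty["acl"]:
            findings.append((vty["start"], "vty has no access-class: reachable from any source"))

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):  # a new top-level command ends the current block
            close_vty()
            vty = {"start": no, "acl": False} if VTY.match(line) else None
        elif vty:
            if line.startswith("access-class ") and line.endswith(" in"):
                vty["acl"] = True
            if re.match(r"transport input\b.*\b(telnet|all)\b", line):
                findings.append((no, "vty accepts telnet (cleartext login)"))
        m = CRED.match(raw)
        if m and m.group(2) in (None, "0"):
            findings.append((no, f"{m.group(1)}: stored in cleartext"))
        elif m and m.group(2) == "7":
            findings.append((no, f"{m.group(1)}: type 7 is reversible obfuscation, not a hash"))
    close_vty()
    return sorted(findings)
```

Running `audit_config` over each affected customer's config shows quickly whether the devices share the exposure described in the reply (open vty plus guessable or recoverable passwords) before a software vulnerability is assumed.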