[179438] in North American Network Operators' Group
RE: Cisco Routers Vulnerability
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Mon Apr 13 19:03:46 2015
X-Original-To: nanog@nanog.org
Date: Mon, 13 Apr 2015 17:03:02 -0600
In-Reply-To: <552C3B4B.9010804@foobar.org>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
>> It's reported by different customers in different locations so I don't
>> think it's password compromised
>Have you checked? If the routers had vty access open (ssh or telnet) and
>the passwords were easy to guess, then it's more likely that this was a
>password compromise. You can test this out by getting a copy of one of
>the configs and decrypting the access password. Or by asking your customers
>whether their passwords were dictionary or simple words.
or if mayhaps the passwords were listed on the list of passwords discussed a few days ago:
353040 sshpsycho_passwords.txt
http://blogs.cisco.com/security/talos/sshpsychos
Once a password list gets published the scripties will update their list of passwords to brute force with all the other password lists they can find. Hence lists that exceed 353,000 passwords and growing ..
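
Added example, not part of the original message or thread: a sketch of the check discussed above, run against your own device configs to find cleartext or reversible (type 7) passwords, test them against a brute-force wordlist, and flag telnet on vty lines. The function names, the sample config and the three-word wordlist are constructed for illustration; in practice the wordlist would be loaded from a file such as the published list mentioned above.

```python
import re
# Fixed, publicly documented key behind IOS "type 7" password obfuscation.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
CRED_RE = re.compile(r"\b(?:password|secret)\s+(?:(\d)\s+)?(\S+)\s*$")
TELNET_RE = re.compile(r"\s+transport input .*\b(?:telnet|all)\b")

# Constructed sample data: not a real device config, not the published list.
SAMPLE_WORDLIST = {"cisco", "admin", "123456"}
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholderHashValue
username admin password 7 0822455D0A16
line vty 0 4
 password 7 02050D480809
 transport input telnet ssh
line con 0
 password S7rong-Constructed-Example
"""

def decode_type7(enc):
    """Undo type 7: two-digit key offset, then hex bytes XORed with XLAT."""
    seed, data = int(enc[:2]), bytes.fromhex(enc[2:])
    return "".join(chr(b ^ XLAT[(seed + i) % len(XLAT)]) for i, b in enumerate(data))

def audit_config(config, wordlist):
    """Return (section, finding) tuples; recovered passwords are never returned."""
    findings, section = [], "global"
    for line in config.splitlines():
        if line and not line[0].isspace():
            section = " ".join(line.split()[:2])  # unindented line opens a section
        if section == "line vty" and TELNET_RE.match(line):
            findings.append((section, "telnet allowed on vty"))
        m = CRED_RE.search(line)
        if not m:
            continue
        ctype, value = m.group(1) or "0", m.group(2)
        if ctype == "0":
            plain, how = value, "cleartext password"
        elif ctype == "7":
            plain, how = decode_type7(value), "reversible type 7 password"
        else:
            continue  # hashed secrets (e.g. type 5) cannot be read back here
        findings.append((section, how))
        if plain.lower() in wordlist:
            findings.append((section, "password is on the brute-force wordlist"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_config(SAMPLE_CONFIG, SAMPLE_WORDLIST):
        print(f"{section}: {finding}")
```

Any finding of the last kind means the credential should be treated as guessable and rotated, whatever the outcome of the compromise investigation.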