[31717] in North American Network Operators' Group
Re: router damaged by cracker?
daemon@ATHENA.MIT.EDU (John Fraizer)
Thu Oct 12 13:14:40 2000
Date: Thu, 12 Oct 2000 13:11:56 -0400 (EDT)
From: John Fraizer <nanog@EnterZone.Net>
To: Deepak Jain <deepak@ai.net>
Cc: Kai Schlichting <kai@pac-rim.net>, nanog@merit.edu
In-Reply-To: <Pine.BSF.4.21.0010121239110.14577-100000@aries.ai.net>
Message-ID: <Pine.LNX.4.21.0010121301370.29099-100000@Overkill.EnterZone.Net>
On Thu, 12 Oct 2000, Deepak Jain wrote:
>
>
> By the way that article reads, I would guess the attack was not
> exceptionally sophisticated. (Everyone's definition of sophisticated is
> different).
>
> If one removed the config-reg (or renamed it) function on a small Cisco's
> firmware one could quite effectively change the passwords and make it
> difficult for a not very technical group of admins to take it back.
>
> Since there is talk about moving their main router behind a firewall, my
> guess is that they are using a routing appliance rather than any
> sophisticated routing hardware. The $18,000 replacement is probably for a
> different vendor, not because the hardware has lost function.
>
> This is all wild conjecture because I haven't seen any alerts from vendors
> in their normal channels. :)
>
> Deepak Jain
> AiNET
>

I would tend to agree.

From the Denver Post:

"Eagle Network, which has an environmental bent, services 100 Web sites
and has 220 customers for its e-mail service, eagle-access.net."

I feel bad for these folks. I don't know of many 25xx/26xx (guessing)
based providers who keep hot-spares on site, but I'm fairly certain that
they could have obtained a temp-replacement router of nearly any make and
configuration for the cost of shipping during that timespan.

---
John Fraizer
EnterZone, Inc.