Security Basics mailing list archives

RE: What to do if Cisco router & switches got hacked ?
From: Francisco Mário Ferreira Custódio <fcustodio () eda pt>
Date: Wed, 31 Dec 2003 17:24:03 -0100


In my point of view, hacking a router/switch does only make sense in two

- the attacker "hacks" into the router/switch to get information about the
network, to plan the attack.
- the attacker just wants to shut down communications by conducting a DoS
attack on the router/switch.

IBM just changes the hardware....this is not a good practice.

I advise you to harden your router/switch...by changing all passwords, using
strong SNMP community names, using the latest IOS, providing good physical
security, using authentication in the routers (rather than a simple telnet
password) and using a syslog server to "see" what's going on.

You should also make sure that you're running the right IOS, a few months
ago...Cisco had a problem with some router platforms, the result was a
router crash...so be sure to check Cisco's advisories.

If you follow these procedures, you can avoid problems...and check what
caused the router/switch to stop responding. Also ensure that only
networking personnel have access to the routers.

Cheers everybody and a happy new year!


-----Original Message-----
From: yfs us [mailto:yfs_168us () yahoo com] 
Sent: Wednesday, 31 December 2003 0:55
To: security-basics () securityfocus com
Subject: What to do if Cisco router & switches got hacked ?

Hi All,

Just want to find out whether anyone here has come across Cisco switches
& routers getting hacked. I'm not sure which one actually got hacked because
I'm not a security expert. I do notice that sometimes my switches & router
refuse to accept connections. But when I change to a new one everything
works fine.

I did ask IBM technical support & they told me that it was hacked.
So now once a week I need to call IBM support to fix it. They usually
replace it. I'm wondering how I can prevent this in the future.

Besides this, I would also like to know how I can track the hacker. I
mailed my ISP & they replied, please go & hire a security expert with a good
qualification. Is this what one usually gets when asking the ISP for help?
It looks like the ISP sucks or they are the ones who did it. Or it's time to
change ISP.

Does one really need to have a good qualification to hunt the hacker?
As far as I know everyone is a hacker; the only difference is that some are
good & some are lousy, because hackers are not born, they too go through a
pain-in-the-ass experience before they really call themselves an elite haxor.

All help is welcome.
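
The hardening points listed in the reply (SNMP community names, authentication on the routers rather than a shared telnet password, a syslog server) can be checked against a saved configuration. The following Python script is an added example, not part of the original thread; the sample configurations, the weak-community list and the function name `audit_ios_config` are constructed for illustration.

```python
import re

WEAK_COMMUNITIES = {"public", "private", "cisco"}  # assumed guessable names

# Constructed sample configs (not taken from the thread).
WEAK_SAMPLE = """
hostname edge-rtr
snmp-server community public RO
line vty 0 4
 password letmein
 login
"""
HARDENED_SAMPLE = """
hostname edge-rtr
snmp-server community constructed-Xk7q RO
logging host 192.0.2.10
line vty 0 4
 login local
"""

def audit_ios_config(text):
    """Return sorted findings for an IOS-style configuration dump."""
    findings, has_syslog = set(), False
    section, vty_login = None, {}   # open "line vty" header -> login method
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        if not raw.startswith(" "):          # top-level command
            section = line if line.startswith("line vty") else None
            if section:
                vty_login[section] = "unset"
            m = re.match(r"snmp-server community (\S+)", line)
            if m and m.group(1).lower() in WEAK_COMMUNITIES:
                findings.add(f"weak SNMP community: {m.group(1)}")
            if re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", line):
                has_syslog = True
        elif section:                        # sub-command of a vty line
            cmd = line.strip()
            if cmd == "login":
                vty_login[section] = "line-password"
            elif cmd.startswith(("login local", "login authentication")):
                vty_login[section] = "per-user"
    for header, method in vty_login.items():
        if method == "line-password":
            findings.add(f"{header}: shared line password, no per-user login")
    if not has_syslog:
        findings.add("no syslog server configured")
    return sorted(findings)

if __name__ == "__main__":
    for f in audit_ios_config(WEAK_SAMPLE):
        print(f)
```

The audit covers only the three settings named in the reply; it does not check IOS version, physical security or password strength.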

